Search Results

Search found 390 results on 16 pages for 'escaping'.

Page 3/16 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Escaping Problem in bash using isql

    - by latz
    Hi there, I am currently working on a little backup script from some firebird databases and I've come up with a weird escaping problem that I don't seem to be able to solve. Here's the thing in my script I create a variable called sqllog in which I would like to put the output of a chain of commands, here it is. sqllog=echo "SELECT * FROM RDB\$DATABASE;" | isql -u SYSDBA -pass mypasswd localhost:mydatabase | tail -n 2 | head -n 1 | wc -l if I try to execute this in shell I get the following error Statement failed, SQLCODE = -204 Dynamic SQL Error -SQL error code = -204 -Table unknown -RDB -At line 1, column 15. Table unknown RDB means it didn't take my try to escape the $. thx for any help :)

    Read the article

  • escaping into php

    - by pradeep
    $valid-url = "p1=".rawurlencode($_GET['p1'])."&type=".rawurlencode($_GET['type'])."&os=".rawurlencode($_GET['os'])."&price=".rawurlencode($_GET['price'])."&sort=".rawurlencode($_GET['sort'])."&sort_order=".rawurlencode($_GET['sort_order'])."&perpage=".rawurlencode($perpage).""; i am trying to build the url and pass it to <a href=''..but its throwing escaping problem...can i get some help on this.

    Read the article

  • ash scripting: space-containing variable refuses to be grepped

    - by Luci Sandor
    I am trying to run the script listed at http://talk.maemo.org/showthread.php?t=70866&page=2 on its intended hardware, a Nokia Linux phone running BusyBox ash. The script receives the name of WiFi network as a parameter, and tries to connect the phone to it. I suspect the script works, but my SSID, BU (802.1x), has space and parentheses in it. So when I type at the command prompt autoconnect.sh BU\ \(802.1x\) I get various errors. First, LIST=`iwconfig wlan0 | awk -F":" '/ESSID/{print $2}'` if [ $LIST = "\"$1\"" ]; then ...fails, even I am connected to the network. The error is not avoided by using single or double quotes instead of escaping characters at the command prompt. Second, if [ -z `iwlist wlan0 scan | grep -m 1 -o \"$1\"` ]; then echo SSID \"$1\" not found; shows that grep does not find the string, although the same grep, typed directly into the command prompt, does find 'BU (802.1x)'. How do I quote $1 in the two circumstances above so that it will work with my network SSID, containing spaces and parentheses? Thank you.

    Read the article

  • bash tips needed for understanding how to escape characters in command-line

    - by Jesper Rønn-Jensen
    My knowledge of commandline bash is missing on a particular area: I constantly forget how to properly escape characters. Today I wanted to echo this string into a file: #!/bin/env bash python -m SimpleHTTPServer echo "#!/bin/env bash\npython -m SimpleHTTPServer" server.sh && chmod +x server.sh -bash: !/bin/env: event not found That's right: Remember to escape ! or bash will think it's a special bash event command. But I can't get the escaping right! \! yields \! in the echoed string, and so does \\!. Furthermore, \n will not translate to a line break. Do you have some general tips that makes it easier for me to understand escaping rules? To be very precise, I'll accept an answer which tells me which characters I should escape on the bash command line? Including how to correctly output newline and exclamation mark in my example.

    Read the article

  • How to correctly set GNU Screen to display currently running program in hardstatus

    - by johnny_bgoode
    I posted this question on SuperUser but it's hardly getting any views, so I thought I'd ask here as well. In bash, to display the name of the current program in the GNU Screen hardstatus line takes only two configuration lines. First, tell screen what the end of your prompt normally looks like, and supply a default title for a window when you are sitting at in the shell: shelltitle "$ |bash" Next, place this escape sequence in the PS1 variable, before the characters that normally terminate the prompt '$ ' in this case: \033k\033\\\ This technique works, to a point. The hardstatus window title is updated to the name of the currently running program, and then switches back to the default title shortly after execution is finished. One major problem, however, is that this escape string is not escaped itself, causing line-wrapping problems with commands longer than the initial line. This was annoying, so I set out looking for a solution. Turns out, simply escaping the previous escape sequence corrects line wrapping: [\033k]\[\033\\\] Great! My hardstatus window title still updates to the name of the currently running program, and now my longer commands wrap to the second line correctly. However, with this new escape sequence in my PS1, screen updates the window title to the actual command I am typing, not simply the name of the current program once it is executed. I am wondering, has anyone gotten this working correctly - i.e. line wrapping and proper updating of the hardstatus window title? Thanks!

    Read the article

  • shell_exec escaping quotes in php for Twitter API --> Getting CURL to work with obscure twitter api

    - by yc10
    I'm using shell_exec() to execute a Twitter API Call. shell_exec('curl -u user:password -d "id=3191321" http://api.twitter.com/1/twitterapi/twitterlist/members.xml'); That works fine when I authenticate correctly and put in a number for the id. But when I try to put in a variable ($id), it screws up. $addtolist = shell_exec('curl -u pxlist:Weekend1 -d "id='.$id.'" http://twitter.com/username/twitterlist/members.xml'); I tried flipping the quote types $addtolist = shell_exec("curl -u pxlist:Weekend1 -d 'id=$id' http://twitter.com/username/twitterlist/members.xml"); I tried using double quotes and escaping them $addtolist = shell_exec("curl -u pxlist:Weekend1 -d \"id=$id\" http://twitter.com/username/twitterlist/members.xml"); None of them worked. What am I doing wrong? EDIT: The purists say I should be using PHP's built in curl methods, not the shell_exec. That's not working either. $url = 'http://twitter.com/user/list/members.xml'; // Set up and execute the curl process $curl_handle = curl_init(); curl_setopt($curl_handle, CURLOPT_URL, "$url"); curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_handle, CURLOPT_POST, 1); curl_setopt($curl_handle, CURLOPT_POSTFIELDS, "id=$id"); curl_setopt($curl_handle, CURLOPT_USERPWD, "user:pw"); $buffer = curl_exec($curl_handle); curl_close($curl_handle); It returns bool(false), and doesn't properly update the Twitter List in question (the whole point of the exercise)

    Read the article

  • Escaping single quote in PHP when inserting into MySQL

    - by hairdresser-101
    I have a perplexing issue that I can't seem to comprehend... I'm hoping someone here might be able to point me in the right direction... I have two SQL statements: - the first enters information from a form into the database. - the second takes data from the database entered above, sends an email and then logs the details of the transaction The problem is that it a appears that a single quote is triggering a MySQL error on the second entry only!!! The first instance works without issue but the second instance triggers the mysql_error(). Does the data from a form get handled differently from the data captured in a form? Query#1 - This works without issue (and without escaping the single quote) $result = mysql_query("INSERT INTO job_log (order_id, supplier_id, category_id, service_id, qty_ordered, customer_id, user_id, salesperson_ref, booking_ref, booking_name, address, suburb, postcode, state_id, region_id, email, phone, phone2, mobile, delivery_date, stock_taken, special_instructions, cost_price, cost_price_gst, sell_price, sell_price_gst, ext_sell_price, retail_customer, created, modified, log_status_id) VALUES ('$order_id', '$supplier_id', '$category_id', '{$value['id']}', '{$value['qty']}', '$customer_id', '$user_id', '$salesperson_ref', '$booking_ref', '$booking_name', '$address', '$suburb', '$postcode', '$state_id', '$region_id', '$email', '$phone', '$phone2', '$mobile', STR_TO_DATE('$delivery_date', '%d/%m/%Y'), '$stock_taken', '$special_instructions', '$cost_price', '$cost_price_gst', '$sell_price', '$sell_price_gst', '$ext_sell_price', '$retail_customer', '".date('Y-m-d H:i:s', time())."', '".date('Y-m-d H:i:s', time())."', '1')"); Query#2 - This fails when entering a name with a single quote (i.e. O'Brien) $query = mysql_query("INSERT INTO message_log (order_id, timestamp, message_type, email_from, supplier_id, primary_contact, secondary_contact, subject, message_content, status) VALUES ('$order_id', '".date('Y-m-d H:i:s', time())."', '$email', '$from', '$row->supplier_id', '$row->primary_email' ,'$row->secondary_email', '$subject', '$message_content', '1')");

    Read the article

  • Escaping single quote in PHP when inserting into MySQL

    - by hairdresser-101
    PLEASE NOTE: I am reposting as the original was not answered correctly... I AM LOOKING FOR THE WHY - NOT THE SOLUTION - I KNOW THE SOLUTION, WHAT I DON'T UNDERSTAND IS THE WHY! I have a perplexing issue that I can't seem to comprehend... I'm hoping someone here might be able to point me in the right direction... I have two SQL statements: - the first enters information from a form into the database. - the second takes data from the database entered above, sends an email and then logs the details of the transaction The problem is that it a appears that a single quote is triggering a MySQL error on the second entry only!!! The first instance works without issue but the second instance triggers the mysql_error(). Does the data from a form get handled differently from the data captured in a form? Query#1 - This works without issue (and without escaping the single quote) $result = mysql_query("INSERT INTO job_log (order_id, supplier_id, category_id, service_id, qty_ordered, customer_id, user_id, salesperson_ref, booking_ref, booking_name, address, suburb, postcode, state_id, region_id, email, phone, phone2, mobile, delivery_date, stock_taken, special_instructions, cost_price, cost_price_gst, sell_price, sell_price_gst, ext_sell_price, retail_customer, created, modified, log_status_id) VALUES ('$order_id', '$supplier_id', '$category_id', '{$value['id']}', '{$value['qty']}', '$customer_id', '$user_id', '$salesperson_ref', '$booking_ref', '$booking_name', '$address', '$suburb', '$postcode', '$state_id', '$region_id', '$email', '$phone', '$phone2', '$mobile', STR_TO_DATE('$delivery_date', '%d/%m/%Y'), '$stock_taken', '$special_instructions', '$cost_price', '$cost_price_gst', '$sell_price', '$sell_price_gst', '$ext_sell_price', '$retail_customer', '".date('Y-m-d H:i:s', time())."', '".date('Y-m-d H:i:s', time())."', '1')"); Query#2 - This fails when entering a name with a single quote (i.e. O'Brien) $query = mysql_query("INSERT INTO message_log (order_id, timestamp, message_type, email_from, supplier_id, primary_contact, secondary_contact, subject, message_content, status) VALUES ('$order_id', '".date('Y-m-d H:i:s', time())."', '$email', '$from', '$row->supplier_id', '$row->primary_email' ,'$row->secondary_email', '$subject', '$message_content', '1')");

    Read the article

  • Unix: cannot add "\\ \n" even with escaping to the end of line

    - by HH
    I try to convert clean columnwise data to tables in tex. I am unable to have "\ \n" at each end of line. Please, see the command at the end. Data $ echo `. ./bin/addTableTexTags.sh < .data_3` 10.31 & 8.50 & 7.40 10.34 & 8.53 & 7.81 8.22 & 8.62 & 7.78 10.16 & 8.53 & 7.44 10.41 & 8.38 & 7.63 10.38 & 8.57 & 8.03 10.13 & 8.66 & 7.41 8.50 & 8.60 & 7.15 10.41 & 8.63 & 7.21 8.53 & 8.53 & 7.12 $ cat .data_3 10.31 8.50 7.40 10.34 8.53 7.81 8.22 8.62 7.78 10.16 8.53 7.44 10.41 8.38 7.63 10.38 8.57 8.03 10.13 8.66 7.41 8.50 8.60 7.15 10.41 8.63 7.21 8.53 8.53 7.12 addTableTexTags.sh #!/bin/bash sed -e "s@[[:space:]]@\t\&\t@g" -e "s@[[:space:]]*&*[[:space:]]*\$@\t \\ \\\\n@g" // Tried Escaping "\\" with "/" here and there // but cannot get a line ending with "\\ \n".

    Read the article

  • Delphi / MySql : Problems escaping strings

    - by mawg
    N00b here, having problems escaping strings. I used the QuotedStr() function - shouldn't that be enough. Unfortunately, the string that I am trying to quote is rather messy, but I will post it here in case anyone wants to paste it into WinMerge or KDiff3, etc. I am trying to store an entire Delphi form into the database, rather than into a .DFM file. It has only one field, a TEdit edit box. The debugger shows the form as text as 'object Form1: TScriptForm'#$D#$A' Left = 0'#$D#$A' Top = 0'#$D#$A' Align = alClient'#$D#$A' BorderStyle = bsNone'#$D#$A' ClientHeight = 517'#$D#$A' ClientWidth = 993'#$D#$A' Color = clBtnFace'#$D#$A' Font.Charset = DEFAULT_CHARSET'#$D#$A' Font.Color = clWindowText'#$D#$A' Font.Height = -11'#$D#$A' Font.Name = 'MS Sans Serif''#$D#$A' Font.Style = []'#$D#$A' OldCreateOrder = False'#$D#$A' SaveProps.Strings = ('#$D#$A' 'Visible=False')'#$D#$A' PixelsPerInch = 96'#$D#$A' TextHeight = 13'#$D#$A' object Edit1: TEdit'#$D#$A' Left = 192'#$D#$A' Top = 64'#$D#$A' Width = 121'#$D#$A' Height = 21'#$D#$A' TabOrder = 8'#$D#$A' end'#$D#$A'end'#$D#$A before calling QuotedStr() and ''object Form1: TScriptForm'#$D#$A' Left = 0'#$D#$A' Top = 0'#$D#$A' Align = alClient'#$D#$A' BorderStyle = bsNone'#$D#$A' ClientHeight = 517'#$D#$A' ClientWidth = 993'#$D#$A' Color = clBtnFace'#$D#$A' Font.Charset = DEFAULT_CHARSET'#$D#$A' Font.Color = clWindowText'#$D#$A' Font.Height = -11'#$D#$A' Font.Name = ''MS Sans Serif'''#$D#$A' Font.Style = []'#$D#$A' OldCreateOrder = False'#$D#$A' SaveProps.Strings = ('#$D#$A' ''Visible=False'')'#$D#$A' PixelsPerInch = 96'#$D#$A' TextHeight = 13'#$D#$A' object Edit1: TEdit'#$D#$A' Left = 192'#$D#$A' Top = 64'#$D#$A' Width = 121'#$D#$A' Height = 21'#$D#$A' TabOrder = 8'#$D#$A' end'#$D#$A'end'#$D#$A''' afterwards. The strange thing is that my complete command 'INSERT INTO designerFormDfm(designerFormDfmText) VALUES ("'object Form1: TScriptForm'#$D#$A' Left = 0'#$D#$A' Top = 0'#$D#$A' Align = alClient'#$D#$A' BorderStyle = bsNone'#$D#$A' ClientHeight = 517'#$D#$A' ClientWidth = 993'#$D#$A' Color = clBtnFace'#$D#$A' Font.Charset = DEFAULT_CHARSET'#$D#$A' Font.Color = clWindowText'#$D#$A' Font.Height = -11'#$D#$A' Font.Name = ''MS Sans Serif'''#$D#$A' Font.Style = []'#$D#$A' OldCreateOrder = False'#$D#$A' SaveProps.Strings = ('#$D#$A' ''Visible=False'')'#$D#$A' PixelsPerInch = 96'#$D#$A' TextHeight = 13'#$D#$A' object Edit1: TEdit'#$D#$A' Left = 192'#$D#$A' Top = 64'#$D#$A' Width = 121'#$D#$A' Height = 21'#$D#$A' TabOrder = 8'#$D#$A' end'#$D#$A'end'#$D#$A''");' executes in a MySql console, but not from Delphi, where I pass that command as parameter command to a function which ADOCommand.CommandText := command; ADOCommand.CommandType := cmdText; ADOCommand.Execute(); I can only assume that I am having problems escpaing sequences which contain single quotes (and QuotedStr() doesn't seem to escape backslahes(?!)) What am I doing that is obviously, glaringly wrong?

    Read the article

  • what is the point of escaping quotation marks in php

    - by Jacksta
    Here is a validation script from a book I am learning, Why is escaping the quotation marks necassery? e.g. <option value=\"char\">char</option> <?php //validate important input if ((!$_POST[table_name]) || (!$_POST[num_fields])) { header( "location: show_createtable.html"); exit; } //begin creating form for display $form_block = " <form action=\"do_createtable.php\" method=\"post\"> <input name=\"table_name\" type=\"hidden\" value=\"$_POST[table_name]\"> <table cellspacing=\"5\" cellpadding=\"5\"> <tr> <th>Field Name</th><th>Field Type</th><th>Table Length</th> </tr>"; //count from 0 until you reach the number fo fields for ($i = 0; $i <$_POST[num_fields]; $i++) { $form_block .=" <tr> <td align=center><input type=\"texr\" name=\"field name[]\" size=\"30\"></td> <td align=center> <select name=\"field_type[]\"> <option value=\"char\">char</option> <option value=\"date\">date</option> <option value=\"float\">float</option> <option value=\"int\">int</option> <option value=\"text\">text</option> <option value=\"varchar\">varchar</option> </select> </td> <td align=center><input type=\"text\" name=\"field_length[]\" size=\"5\"> </td> </tr>"; } //finish up the form $form_block .= " <tr> <td align=center colspan=3><input type =\"submit\" value=\"create table\"> </td> </tr> </table> </form>"; ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Create a database table: Step 2</title> </head> <body> <h1>defnie fields for <? echo "$_POST[table_name]"; ?> </h1> <? echo "$form_block"; ?> </body> </html>

    Read the article

  • How can I disable 'output escaping' in minidom

    - by William
    I'm trying to build an xml document from scratch using xml.dom.minidom. Everything was going well until I tried to make a text node with a ® (Registered Trademark) symbol in. My objective is for when I finally hit print mydoc.toxml() this particular node will actually contain a ® symbol. First I tried: import xml.dom.minidom as mdom data = '®' which gives the rather obvious error of: File "C:\src\python\HTMLGen\test2.py", line 3 SyntaxError: Non-ASCII character '\xae' in file C:\src\python\HTMLGen\test2.py on line 3, but no encoding declared; see http://www.python.or g/peps/pep-0263.html for details I have of course also tried changing the encoding of my python script to 'utf-8' using the opening line comment method, but this didn't help. So I thought import xml.dom.minidom as mdom data = '&#174;' #Both accepted xml encodings for registered trademark data = '&reg;' text = mdom.Text() text.data = data print data print text.toxml() But because when I print text.toxml(), the ampersands are being escaped, I get this output: &reg; &amp;reg; My question is, does anybody know of a way that I can force the ampersands not to be escaped in the output, so that I can have my special character reference carry through to the XML document? Basically, for this node, I want print text.toxml() to produce output of &reg; or &#174; in a happy and cooperative way! EDIT 1: By the way, if minidom actually doesn't have this capacity, I am perfectly happy using another module that you can recommend which does. EDIT 2: As Hugh suggested, I tried using data = u'®' (while also using data # -*- coding: utf-8 -*- Python source tags). This almost helped in the sense that it actually caused the ® symbol itself to be outputted to my xml. This is actually not the result I am looking for. As you may have guessed by now (and perhaps I should have specified earlier) this xml document happens to be an HTML page, which needs to work in a browser. So having ® in the document ends up causing rubbish in the browser (® to be precise!). I also tried: data = unichr(174) text.data = data.encode('ascii','xmlcharrefreplace') print text.toxml() But of course this lead to the same origional problem where all that happens is the ampersand gets escaped by .toxml(). My ideal scenario would be some way of escaping the ampersand so that the XML printing function won't "escape" it on my behalf for the document (in other words, achieving my original goal of having &reg; or &#174; appear in the document). Seems like soon I'm going to have to resort to regular expressions! EDIT 2a: Or perhaps not. Seems like getting my html meta information correct <META http-equiv="Content-Type" Content="text/html; charset=UTF-8"> could help, but I'm not sure yet how this fits in with the xml structure...

    Read the article

  • Get the last day of the last month in csh?

    - by ANE
    How do you get the last day of the last month in csh? Here is the code so far. The cal command below works if you execute it from the (FreeBSD sh) command line, but I'm having trouble escaping it properly to run within a script. #!/bin/csh set lastdayoflastmonth=`cal `date '+%m'` `date '+%Y'` | grep . | fmt -1 | tail -1` echo $lastdayoflastmonth

    Read the article

  • PHP: Escape illegal chars in .ini-files

    - by Martin
    The documentation on parse_ini_file (http://php.net/manual/en/function.parse-ini-file.php) states that you can't use these chars {}|&~![()^" in the value. Is there some way to escape these chars? I need to use them. Normal escaping with \ doesn't seem to work.

    Read the article

  • How to escape or remove double quotes in rsyslog template

    - by Evgeny
    I want rsyslog to write log messages in JSON format, which requires to use double-quotes (") around strings. Problem is that values sometime include double-quotes themselves, and those need to be escaped - but I can't figure out how to do that. Currently my rsyslog.conf contains this format that I use (a bit simplified): $template JsonFormat,"{\"msg\":\"%msg%\",\"app-name\":\"%app-name%\"}\n",sql But when a msg arrives that contains double quotes, the JSON is broken, example: user pid=21214 uid=0 auid=4294967295 msg='PAM setcred: user="oracle" exe="/bin/su" (hostname=?, addr=?, terminal=? result=Success)' turns into: {"msg":"user pid=21214 uid=0 auid=4294967295 msg='PAM setcred: user="oracle" exe="/bin/su" (hostname=?, addr=?, terminal=? result=Success)'","app-name":"user"} but what I need it to become is: {"msg":"user pid=21214 uid=0 auid=4294967295 msg='PAM setcred: user=\"oracle\" exe=\"/bin/su\" (hostname=?, addr=?, terminal=? result=Success)'","app-name":"user"}

    Read the article

  • Escaping an equals sign in DOS batch string replacement command

    - by Alastair
    I need to replace some text in a JNLP file using a DOS batch file to tune it for the local machine. The problem is that the search pattern contains an equals sign which is messing up the string replacement in the batch file. I want to replace the line, <j2se version="1.5" initial-heap-size="100M" max-heap-size="100M"/> with specific settings for the initial and max heap sizes. For example at the moment I have, for /f "tokens=* delims=" %%a in (%filePath%agility.jnlp) do ( set str=%%a set str=!str:initial-heap-size="100M"=initial-heap-size="%min%M"! echo !str!>>%filePath%new.jnlp) but the = in the search pattern is being read as part of the replacement command. How do I escape the equals sign so it is processed as text?

    Read the article

  • Escaping Hyphens with pkg-config through qmake

    - by Nexus
    I am trying to compile an application using qmake that is using pkg-config to bring in yaml-cpp. Unlike using pkg-config through the terminal qmake which is formatted like: pkg-config --libs --cflags yaml-cpp qmake actually spits out the include paths inside the make command like this: -I/usr/local/include/yaml-cpp This include path breaks subsequent includes which I've set in my qmake file. It's not possible for me to rearrange these includes due the order in which qmake parses its variables. Is it possible using qmake to escape the quote somehow or to make it use the first quoted configuration?

    Read the article

  • Escaping '“' with regular double quotes using Ruby regex

    - by DavidP6
    I have text that has these fancy double quotes: '“' and I would like to replace them with regular double quotes using Ruby gsub and regex. Here's an example and what I have so far: sentence = 'This is a quote, “Hey guys!”' I couldn't figure out how to escape double quotes so I tried using 34.chr: sentence.gsub("“",34.chr). This gets me close but leaves a back slash in front of the double quote: sentence.gsub("“",34.chr) => 'This is a quote, \"Hey guys!”'

    Read the article

  • TSQL Query: Escaping Special Characters

    - by Abs
    Hello all, I am trying to escape special characters in a TSQL query. I have done this before: SELECT columns FROM table WHERE column LIKE '%\%%' ESCAPE '\' And it has worked. Now I have tried to do this now: UPDATE match SET rule_name='31' ESCAPE '\' But it has failed. I know none of the vlaues have a \ but it should still work. I am guessing its because it needs a LIKE statement but how else can I escape characters that I am adding to a database? In addition, does anyone have a link to all the special characters that should be escaped, I couldn't find any documentation on this! Thanks all for any help

    Read the article

  • perl escaping \n or \t

    - by Michael
    I need to escape \n so on output I really get newline or tab $ perl -p -e 's/e/a/ge' now I want each e to be substituted with \n $ perl -p -e 's/e/\n/ge' but even \n gives me an error. this was a simplified example. In real script(makefile) I have substitute := perl -p -e 's/@([^@]+)@/defined $$ENV{$$1} ? $$ENV{$$1} : $$1/ge' and in target I have such a nice command $(substitute) $< > $@ and if the input file for perl contains \n at output I will see it literally... I want to have real newline.

    Read the article

  • Correct escaping of delimited identifers in SQL Server without using QUOTENAME

    - by Ross Bradbury
    Is there anything else that the code must do to sanitize identifiers (table, view, column) other than to wrap them in double quotation marks and "double up" and double quotation marks present in the identifier name? References would be appreciated. I have inherited a code base that has a custom object-relational mapping (ORM) system. SQL cannot be written in the application but the ORM must still eventually generate the SQL to send to the SQL Server. All identifiers are quoted with double quotation marks. string QuoteName(string identifier) { return "\" + identifier.Replace("\"", "\"\"") + "\""; } If I were building this dynamic SQL in SQL, I would use the built-in SQL Server QUOTENAME function: declare @identifier nvarchar(128); set @identifier = N'Client"; DROP TABLE [dbo].Client; --'; declare @delimitedIdentifier nvarchar(258); set @delimitedIdentifier = QUOTENAME(@identifier, '"'); print @delimitedIdentifier; -- "Client""; DROP TABLE [dbo].Client; --" I have not found any definitive documentation about how to escape quoted identifiers in SQL Server. I have found Delimited Identifiers (Database Engine) and I also saw this stackoverflow question about sanitizing. If it were to have to call the QUOTENAME function just to quote the identifiers that is a lot of traffic to SQL Server that should not be needed. The ORM seems to be pretty well thought out with regards to SQL Injection. It is in C# and predates the nHibernate port and Entity Framework etc. All user input is sent using ADO.NET SqlParameter objects, it is just the identifier names that I am concerned about in this question. This needs to work on SQL Server 2005 and 2008.

    Read the article

  • dojo parser not escaping quotation marks in attributes?

    - by peirix
    Whenever I'm using quotation marks inside an attribute value in dojo, it seems dojo's parser isn't handling it very well... <textarea name="content.locale['en']" dojoType="dijit.form.SimpleTextarea"> </textarea> Turns into: <textarea ]="" en="" name="content.locale["></textarea> With the surrounding <div>s and what not is added by the dijit widget. Any ideas? EDIT Seems this is working as it should with other elements, it's just the SimpleTextarea that's causing a problem..

    Read the article

  • Rails escape_javascript creates invalid JSON by escaping single quotes

    - by Arrel
    The escape_javascript method in ActionView escapes the apostrophe ' as backslash apostrophe \', which gives errors when parsing as JSON. For example, the message "I'm here" is valid JSON when printed as: {"message": "I'm here"} But, <%= escape_javascript("I'm here") %> outputs "I\'m here", resulting in invalid JSON: {"message": "I\'m here"} Is there a patch to fix this, or an alternate way to escape strings when printing to JSON?

    Read the article

  • PHP Json Encoding w/ quote escaping in 5.2?

    - by NickAldwin
    I'm playing with the flickr api and php. I want to pass some information from PHP to Javascript through Ajax. I have the following code: json_encode($pics); which results in the following example JSON string: [{"id":"4363603591","title":"blue, white and red...another seattle view","date_faved":"1266379499"},{"id":"4004908219","title":"\u201cI just told you my dreams and you made me see that I could walk into the sun and I could still be me and now I can't deny nothing lasts forever.\u201d","date_faved":"1259987670"}] Javascript has problems with this, however, due to the unescaped single-quote in the second item ("can't deny"). I want to use the function json_encode with the options parameter to make it strip the quotes, but that's only available in PHP 5.3, and I'm running 5.2 (not my server). Is there a fast way to run through the entire array and escape everything before encoding it in Json? I looked for a way to do this, but it all seems to deal with encoding it as the data is generated, something I cannot do as I'm not the one generating the data. If it helps, I'm currently using the following javascript after the ajax request: var photos = eval('(' + resptxt + ')');

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >