开发者

Cannot view the saved data when 'apostrophe' is entered in the input

I am trying to modify an existing code (written by my predecessor) which changes the apostrophe (entered along with the test into the text box) to "Å" symbol while displaying it back in the text box. How can I change this? when I tried to remove the symbol from the code, I cannot get the result back/see the saved text in the text box and it gives an error message.

Here is the code of the grid view control in which the result is displayed and this is where I am suppose to click so see what data is entered:

protected void grdActivities_RowDataBound(Object sender, GridViewRowEventArgs e)
    {
        DataRowView dr = e.Row.DataItem as DataRowView;

        if (e.Row.RowType == DataControlRowType.DataRow)
        {

            Label lblPerson = (Label)e.Row.FindControl("lblPerson");
            if (dr["Name"] != DBNull.Value)
                lblPerson.Text = dr["Name"].ToString();

            Label lblDate = (Label)e.Row.FindControl("lblDate");
            if (dr["service_outcome_date"] != DBNull.Value)
  开发者_如何学Go              lblDate.Text = dr["service_outcome_date"].ToString();

            Label lblReasonforContact = (Label)e.Row.FindControl("lblReasonforContact");
            if (lblReasonforContact != null)
            {
                if (dr["reason_for_contact_desc"] != DBNull.Value)
                {
                    lblReasonforContact.Text = dr["reason_for_contact_desc"].ToString();
                }

                if (dr["service_desc"] != DBNull.Value)
                {
                    lblReasonforContact.Text = dr["service_desc"].ToString();
                }

                if (dr["health_screening_recommendations_desc"] != DBNull.Value)
                {
                    lblReasonforContact.Text = dr["health_screening_recommendations_desc"].ToString();
                }
            }


            Label lblServiceDeliveryTime = (Label)e.Row.FindControl("lblServiceDeliveryTime");
            if (dr["service_delivery_time"] != DBNull.Value)
                lblServiceDeliveryTime.Text = dr["service_delivery_time_desc"].ToString();

            Label lblcreatedby = (Label)e.Row.FindControl("lblcreatedby");
            if (dr["createdby"] != DBNull.Value)
                lblcreatedby.Text = dr["createdby"].ToString();

            Label lblServiceType = (Label)e.Row.FindControl("lblServiceType");
            if (lblServiceType != null)
            {
                if (dr["contact_desc"] != DBNull.Value)
                    lblServiceType.Text = dr["contact_desc"].ToString();
            }



            string strScriptParam = "";
            string service_id="", psn = "", contact = "", reason = "", outcome = "", servicetraveltime = "", settingtype = "", strOtherTypeOfSetting = "";
            string dtmonth = "", dtday = "", dtyear = "", createby = "", note = "";

            string dtservicemonth = "", dtserviceday = "", dtserviceyear = "", dtfollowupbymonth = "", dtfollowupbyday = "", dtfollowupbyyear = "", service = "", HealthScreening = "", service_completed = "";

            if (dr["service_outcome_id"] != DBNull.Value)
                service_id = dr["service_outcome_id"].ToString();
            if (dr["PSN"] != DBNull.Value)
                psn = dr["PSN"].ToString();
            if (dr["dtDay"] != DBNull.Value)
                dtday = dr["dtDay"].ToString();
            if (dr["dtMonth"] != DBNull.Value)
                dtmonth = dr["dtMonth"].ToString();
            if (dr["dtYear"] != DBNull.Value)
                dtyear = dr["dtYear"].ToString();
            if (dr["mode_of_contact"] != DBNull.Value)
                settingtype = dr["mode_of_contact"].ToString();
            if (dr["other_mode_of_contact"] != DBNull.Value)
                strOtherTypeOfSetting = dr["other_mode_of_contact"].ToString();
            if (dr["contact"] != DBNull.Value)
                contact = dr["contact"].ToString();
            if (dr["reason_for_contact"] != DBNull.Value)
                reason = dr["reason_for_contact"].ToString();
            if (dr["outcome"] != DBNull.Value)
                outcome = dr["outcome"].ToString().Replace("'", "''");
            if (dr["service_delivery_time"] != DBNull.Value)
                servicetraveltime = dr["service_delivery_time"].ToString();
            if (dr["comment"] != DBNull.Value)
                note = dr["comment"].ToString();

            if (dr["health_screening_recommendations"] != DBNull.Value)
                HealthScreening = dr["health_screening_recommendations"].ToString();

            if (dr["service_completed"] != DBNull.Value)
            {
                service_completed = (string)dr["service_completed"].ToString();
            }
            if (dr["service_complete_date"] != DBNull.Value)
            {
                DateTime dtServicedate = (DateTime) dr["service_complete_date"];
                dtservicemonth = dtServicedate.Month.ToString();
                dtserviceday = dtServicedate.Day.ToString();
                dtserviceyear = dtServicedate.Year.ToString();
            }

            if (dr["followup_by_date"] != DBNull.Value)
            {
                DateTime dtfollowupdate = (DateTime)dr["followup_by_date"];
                dtfollowupbymonth = dtfollowupdate.Month.ToString();
                dtfollowupbyday = dtfollowupdate.Day.ToString();
                dtfollowupbyyear = dtfollowupdate.Year.ToString();
            }

            if (dr["service"] != DBNull.Value)
            {
                service = dr["service"].ToString();
            }

            strScriptParam = "'" + service_id + 
                             "','" + psn + 
                             "','" + dtmonth + 
                             "','" + dtday + 
                             "','" + dtyear + 
                             "','" + settingtype + 
                             "','" + contact + 
                             "','" + reason + 
                             "','" + servicetraveltime + 
                             "','" + outcome.Replace("'", "Å").Replace(Environment.NewLine, "\\n")+ 
                             "','" + note.Replace("'", "Å").Replace(Environment.NewLine, "\\n") + 
                             "','" + strOtherTypeOfSetting.Replace("'", "Å").Replace(Environment.NewLine, "\\n") +
                             "','" + HealthScreening +
                             "','" + service_completed +
                             "','" + dtservicemonth +
                             "','" + dtserviceday +
                             "','" + dtserviceyear +
                             "','" + dtfollowupbymonth +
                             "','" + dtfollowupbyday +
                             "','" + dtfollowupbyyear + 
                             "', '" + service + "'";                          

            e.Row.Attributes.Add("style", "cursor:hand");
            e.Row.Attributes.Add("onclick", "javascript:return ShowGridRow(" + strScriptParam + ");");


            ImageButton lnkDel = (ImageButton)e.Row.FindControl("lnkDel");
            if (lnkDel != null)
                lnkDel.Attributes.Add("onclick", "javascript:ShowGridRow(" + strScriptParam + "); DeleteService('" + dr["service_outcome_id"].ToString() + "');");
        }
    }

This is the error message I get:

Message: Expected ')'

And the code, Which i think, needs to be changed!

 "','" + outcome.Replace("'", "Å").Replace(Environment.NewLine, "\\n")+ 
                             "','" + note.Replace("'", "Å").Replace(Environment.NewLine, "\\n") + 
                             "','" + strOtherTypeOfSetting.Replace("'", "Å").Replace(Environment.NewLine, "\\n") +

Any help is appreciated.


I have no idea if this is the "real" problem, but I feel like saving some grief later:

using System.Linq;

// for each param, encode it as 'xyz', where xyz is properly escaped
// e.g. if the source was foo'bar then xyz is foo\x27bar for a final
// result of 'foo\x27bar' in the output. This is a valid JS literal
// which evaluates to the string foo'bar
var params = (new string[] { service_id, psn, dtmonth, ..., service })
   .Select(p => "'" + JsEncoder.EncodeString(p) + "'");

// Then join all the 'xyz' with commas so result is 'a','b',...'c'
var strScriptParam = string.join(",", params.ToArray());

// note no "javascript:" protocol for onclick
e.Row.Attributes.Add("onclick", "return ShowGridRow(" + strScriptParam + ");");

At least that will generate valid Javascript literals and preserve the ' in the Javascript.

Where JsEncoder is as follows (C#3):

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;

namespace foobar
{
        public class JsEncoder
        {
            static Regex EncodeLiteralRegex;

            // Format a bunch of literals.
            public static string Format (string format, params object[] items)
            {
                return string.Format(format,
                    items.Select(item => EncodeString("" + item)).ToArray());
            }

            // Given a string, return a string suitable for safe
            // use within a Javascript literal inside a <script> block.
            // This approach errs on the side of "ugly" escaping.
            public static string EncodeString (string value)
            {
                if (EncodeLiteralRegex == null) {
                    // initial accept "space to ~" in ASCII then reject quotes 
                    // and some XML chars (this avoids `</script>`, `<![CDATA[..]]>>`, and XML vs HTML issues)
                    // "/" is not allowed because it requires an escape in JSON
                    var accepted = Enumerable.Range(32, 127 - 32)
                        .Except(new int[] { '"', '\'', '\\', '&', '<', '>', '/' });
                    // pattern matches everything but accepted
                    EncodeLiteralRegex = new Regex("[^" +
                        string.Join("", accepted.Select(c => @"\x" + c.ToString("x2")).ToArray())
                        + "]");
                }
                return EncodeLiteralRegex.Replace(value ?? "", (match) =>
                {
                    var ch = (int)match.Value[0]; // only matches a character at a time
                    return ch <= 127
                        ? @"\x" + ch.ToString("x2") // not JSON
                        : @"\u" + ch.ToString("x4");
                });
            }
        }
}

Happy coding.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜