ColdFusion - How to output single quotes into a text field?
I am using ColdFusion 9.
I can't find a means to successfully output a single quote into a text field.
I create form fields using a CFSCRIPT user defined function. (I've minimized the options for the sake of simplicity for this example.)
When my output contains a single quote, the text field gets totally screwed up. Be sure to run the example and view the HTML. I have tried using PreserveSingleQuotes() every conceivable way possible.
// USE EITHER STRING
MyString = "This string works fine.";
MyString = "This single quote's the problem!";
writeOutput(createInputBox(MyString));
// CREATE TEXT INPUT
function createInputBox(Value) {
    LOCAL.Properties = " value='#preserveSingleQuotes(ARGUMENTS.Value)#'";
    LOCAL.Item = "<input size='50' type='text' #LOCAL.Properties# />";
    return LOCAL.Item;
}
Do you know of a solution?

ANSWER
Get rid of the preserveSingleQuotes() function, as it does nothing outside of a SQL block. (Thanks Adam!).
LOCAL.Properties = " value='#ARGUMENTS.Value#'";
Then, get rid of the single quotes and replace them with escaped double quotes:
LOCAL.Properties = " value=""#ARGUMENTS.Value#""";
This will still choke on strings like this though:
MyString = "This is my F#@'''""$":""ing problem!";
So, add the htmlEditFormat() function like this:
LOCAL.Properties = " value=""#htmlEditFormat(ARGUMENTS.Value)#""";
Thanks for the help!!!
A single quote should not give you a problem in an attribute value in HTML, unless:
* you're not quoting the attribute values, eg:
<input value=#myvar#>
The solution here is to quote your attributes, eg:
<input value="#myvar#">
or
* you are quoting your attributes, but are using single quotes:
<input value='#myVar#'>
Will end up being:
<input value='value with a ' in it'>
This - of course is invalid mark-up: the browser sees the value as 'value with a ', and the rest of it is just garbage.
If you need to do this:
* switch to using double-quote delimiters
* use htmlEditFormat() around your variable value (this will escape embedded double-quotes).
To troubleshoot this sort of thing, ALWAYS look at the HTML source. This will help you work out what's going on.
NB: to everyone mentioning preserveSingleQuotes(): this function does NOTHING outside of a CFQUERY block. So it's not going to help here.
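An added example, not part of the original answer or thread, showing why the delimiter choice matters even once htmlEditFormat() is applied: that function escapes the double quote but not the single quote, so only a double-quoted attribute keeps the value contained. The two-argument createInputBox() signature, staysInsideAttribute() and the sample strings are hypothetical and constructed for illustration.

```cfml
<cfscript>
// Added example, not from the thread. On ColdFusion 9, htmlEditFormat()
// escapes & < > and the double quote, but not the single quote.

// Hypothetical helper: builds the input with the value attribute
// delimited by the given quote character.
function createInputBox(required string value, required string delim) {
    var escaped = htmlEditFormat(arguments.value);
    return '<input size="50" type="text" value='
        & arguments.delim & escaped & arguments.delim & ' />';
}

// True when the escaped value no longer contains the delimiter,
// i.e. the value cannot end the attribute early.
function staysInsideAttribute(required string value, required string delim) {
    return find(arguments.delim, htmlEditFormat(arguments.value)) eq 0;
}

// Constructed sample values.
samples = [
    "This single quote's the problem!",
    'She said "hello" & left',
    'x" data-injected="1',
    "x' data-injected='1"
];
delims = ['"', "'"];

for (i = 1; i <= arrayLen(samples); i++) {
    for (j = 1; j <= arrayLen(delims); j++) {
        markup = createInputBox(samples[i], delims[j]);
        if (staysInsideAttribute(samples[i], delims[j])) {
            verdict = "contained";
        } else {
            verdict = "BREAKS OUT";
        }
        // Print the generated markup as text so the escaping is visible.
        writeOutput("<pre>" & htmlEditFormat(markup) & "  => " & verdict & "</pre>");
    }
}
</cfscript>
```

With the double-quote delimiter every sample reports "contained"; with the single-quote delimiter the first and last samples report "BREAKS OUT", which matches the broken markup shown above.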
The issue you're experiencing relates to the character delimiters for the value field. If you use single quotes as field delimiters, and a single quote is provided by your app, there will be a problem. One way I've dealt with this in the past is to use double quotes for the field. The line shown below should plug into your code:
LOCAL.Properties = " value=""#preserveSingleQuotes(ARGUMENTS.Value)#""";
The approach shown by Sean Kimball is equally valid. Depending on the situation, I've used both approaches.
There was another comment re: preserveSingleQuotes. I can't say that I've used this outside of database calls, but if it works for you in this situation, I've learned something, too!
// CREATE TEXT INPUT
function createInputBox(Value) {
    LOCAL.Properties = ' value="' &#preserveSingleQuotes(ARGUMENTS.Value)#& '"';
    LOCAL.Item = '<input size="50" type="text" #LOCAL.Properties# />';
    return LOCAL.Item;
}
// USE EITHER STRING
MyString = "This string works fine.";
MyString = "This single quote's the problem!";
writeOutput(createInputBox(MyString));