PRB: ASP Variable in HTML Text Box Is Truncated

Exonerare de răspundere pentru conținutul retras din baza de cunoștințe

Acest articol a fost scris despre produsele pentru care Microsoft nu mai oferă asistență. Prin urmare, acest articol este oferit „ca atare” și nu mai va fi actualizat.


If you place an Active Server Pages (ASP) variable in an HTML text box, the variable may be truncated if it contains a space, a double quotation mark, or both.


This problem occurs because the ASP code generates invalid HTML:

strSpace = <INPUT type="text" value=my space>

strBoth = <INPUT type="text" value=I'm 5'-10" tall>
By design, if the value is not enclosed in double quotation marks, HTML assumes that the first space that it encounters represents the end of the value and that the following text represents another tag. In the preceding sample code, HTML assumes that the value tags end at "my" and "I'm," and HTML ignores "space", "5'-10"", and "tall" as invalid tags.


To resolve this problem, wrap the ASP variable in the Server.HTMLEncode method and in double quotation marks. For more information, see the "More Information" section.

More Information

The following code reproduces this behavior:

ASP Variables: <br>
strSpace = "my space"
strDblQuote = "my""doublequote"
strBoth = "I'm 5'-10"" tall"
Response.Write "strSpace = " & strSpace
Response.Write "<br>strDblQuote = " & strDblQuote
Response.Write "<br>strBoth = " & strBoth
HTML Text Boxes:
strSpace = <INPUT type="text" value=<%=strSpace%>>
strDblQuote = <INPUT type="text" value=<%=strDblQuote%>>
strBoth = <INPUT type="text" value=<%=strBoth%>>
The strSpace and strBoth ASP variables are both truncated in the HTML text boxes. However, note that the strDblQuote variable is not truncated.

Resolution 1: Fix the strSpace Variable Only

To fix strSpace, wrap the value in double quotation marks as follows:
strSpace = <INPUT type="text" value="<%=strSpace%>">

strDblQuote = <INPUT type="text" value="<%=strDblQuote%>">

strBoth = <INPUT type="text" value="<%=strBoth%>">
Although this solution fixes strSpace, it truncates strDblQuote. The double quotation mark within the strDblQuote variable was originally interpreted correctly as part of the value; now it is interpreted as the end of the value because it is the first double quotation mark that HTML encounters after the initial double quotation mark.

In addition, the strBoth variable is now truncated for a different reason. Originally, the first space was interpreted as the end of the value; now, the double quotation mark is interpreted as the end of the value:

strSpace = <INPUT type="text" value="my space">

strDblQuote = <INPUT type="text" value="my"doublequote">

strBoth = <INPUT type="text" value="I'm 5'-10" tall">

Resolution 2: Fix All Three Variables

To fix both strDblQuote and strBoth without truncating strSpace, wrap the variables in the Server.HTMLEncode method, as well as in double quotation marks. For example:

strSpace = <INPUT type="text" value="<%=Server.HTMLEncode(strSpace)%>">

strDblQuote = <INPUT type="text" value="<%=Server.HTMLEncode(strDblQuote)%>">

strBoth = <INPUT type="text" value="<%=Server.HTMLEncode(strBoth)%>">
This fix generates valid HTML for all three variables:

strSpace = <INPUT type="text" value="my space">

strDblQuote = <INPUT type="text" value="my&quot;doublequote">

strBoth = <INPUT type="text" value="I'm 5'-10&quot; tall">
NOTE: This solution still requires that you wrap the values in double quotation marks as in the first solution; otherwise, strSpace and strBoth are truncated.


For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

259352 PRB: Server.HTMLEncode Corrupts Unicode Characters and Double-Byte Character Set Data

ID articol: 307406 - Ultima examinare: 11 oct. 2001 - Revizie: 1