Guestbook

Brug en If statement, hvor du kan lave en fejlmelding på diverse bogstaver.
Se evt. www.papkassen.dk
når du indtaster en html tag <?> kommer dene med en fejlmelding.
Jeg har ikke skrevet koden, da man lærer bedst ved selv at forsøge, men er du desperat, så skriv lige igen.

Jeg er MEGET desperat!! hehe

Du kan bare lave ">" og "<" om til HTML

Prøv dette:

besked=Replace(Request.Form("besked"), "<", "&lt;")

besked=Replace(besked,">", "&gt;")

Så får du da lige løsningen!

Hvis du f.eks. har et felt der hedder "Indhold" som folk ikke må bruge HTML koder i laver du dette:

Tekst = Server.HTMLEncode(Request.Form("Indhold"))

Når du så skal smide data ind i tabellen er det variablen Tekst du skal bruge.

Så vil HTML koder ikke blive aktiveret

Winther: Det var da en bøvlet måde... nu håber jeg ikke du får pointene :-)

Brug den her funktion til at skrive teksten ud fra databasen til html siden:

Function Text2HTML(ByRef strText)
  DIM strSrc
  strSrc = strText
  strSrc = Replace(strSrc,"<","&LT;",1)
  strSrc = Replace(strSrc,">","&GT;",1)
  Text2HTML = strSrc
End Function

F.eks:

Response.Write( Text2HTML( RS("Text") ) )

mvh Flemming

jeg synes boomers metode er den mest rigtige "ASP" metode, da man også kan se hvem der har prøvet at skrive html koder i sit indlæg (hvis de da har skrevet nogle oplysninger der passer)

Her er min kode... Boomer hvor skal jeg sætte dit kode ind, og hvordan skal det ændres?????

----


  Set Rs = Server.CreateObject("ADODB.Connection")
  DBPath = "DBQ=" & server.mappath("gbdb.mdb")
  Rs.Open "DRIVER={Microsoft Access Driver (*.mdb)}; " & DBPath

  If Request.Servervariables("Content_Length") > 0 then
    Sql = "Insert into t_gaestebog (Fra, Dato, email, http, Tekst) values('" & Request("Fra") & "','" & Now() & "','" & Request("email") & "','" & Request("webside") & "','"  & Request("Besked") & "')"
    Rs.Execute(Sql)
    Response.Write strongfont & "Tak for det...</font></Strong><br><br>"
  end if

  If "" = Request.QueryString("Mode") then
    Sql = "Select * from T_gaestebog order by dato DESC"
    Set Record =  Rs.Execute(Sql)
    response.write "<html><head><title>Gæstebog</title></head><body>"
    response.write strongfont & "Gæstebogen</font></strong>"

    response.write "<table border='0' width='500'>"
    Do While Not Record.EOF
      response.write "<tr><td bgcolor='" & linecolor & "' colspan='2'></td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Navn:</td>"
      response.write "<td width='100%'>" & font & Record("Fra") & "</td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Twat:</td>"
      response.write "<td width='100%'>" & font & Record("Twat") & "</td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "E-Mail:</td>"
      response.write "<td width='100%'>" & font & "<a href='mailto:" & Record("Email") & "'>" & Record("Email") & "</a></td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Webside:</td>"
      response.write "<td width='100%'>" & font & "<a href='" & Record("http") & "'>" & Record("http") & "</a></td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Dato:</td>"
      response.write "<td width='100%'>" & font & Record("dato") &"</td></tr>"
      response.write "<tr><td width='0' align='right' valign='top'>" & font & "Besked:</td>"
      response.write "<td width='100%'>" & font & Record("Tekst") & "</td></tr>"

    Record.MoveNext
    Loop
    response.write "</table>"
    Record.Close
    RS.Close
  end if

  If "add" = Request.QueryString("Mode") then
    response.write strongfont & "Skriv i gæstebogen</strong>"
    response.write "<form method='POST' action='" & Request.ServerVariables("SCRIPT_NAME") & "'>"
    response.write "<div align='left'><table border='0' width='50%'>"
    response.write "<tr><td valign='top' align='right' colspan='2' bgcolor='" & linecolor & "'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "Navn:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='Fra' size='40'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "Twat:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='Twat' size='40'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "E-Mail:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='email' size='40'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font  & "Webside:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='webside' size='40' value='http://'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "Besked:</td>"
    response.write "<td valign='top'>" & font & "<textarea rows='5' name='Besked' cols='40'></textarea></td></tr>"
    response.write "<tr><td colspan='2' valign='top' align='right'><div align='center'><center><p>" & font & "<input type='submit' value='Send' name='B1'>&nbsp;&nbsp;&nbsp; <input type='reset' value='Slet' name='B2'></td></tr>"
    response.write "<tr align='center'><td colspan='2' valign='top' align='right' bgcolor='" & linecolor & "'></td></tr></table>"
    response.write "</form></body></html>"
  end if

Jeg vil nok foretrække først at lave teksten om til html idet du hiver den ud af databasen. Hvis du nu får lyst til at lave en søgemulighed er det noget ged at der står html tegn i basen.

Server.HTMLEncode har vist den ulempe at den giver fejl hvis variablen en tom.

Sådan her:


Set Rs = Server.CreateObject("ADODB.Connection")
  DBPath = "DBQ=" & server.mappath("gbdb.mdb")
  Rs.Open "DRIVER={Microsoft Access Driver (*.mdb)}; " & DBPath

  If Request.Servervariables("Content_Length") > 0 then
    Sql = "Insert into t_gaestebog (Fra, Dato, email, http, Tekst) values('" & Request("Fra") & "','" & Now() & "','" & Request("email") & "','" & Request("webside") & "','"  & Request("Besked") & "')"
    Rs.Execute(Sql)
    Response.Write strongfont & "Tak for det...</font></Strong><br><br>"
  end if

  If "" = Request.QueryString("Mode") then
    Sql = "Select * from T_gaestebog order by dato DESC"
    Set Record =  Rs.Execute(Sql)
    response.write "<html><head><title>Gæstebog</title></head><body>"
    response.write strongfont & "Gæstebogen</font></strong>"

    response.write "<table border='0' width='500'>"
    Do While Not Record.EOF
      response.write "<tr><td bgcolor='" & linecolor & "' colspan='2'></td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Navn:</td>"
      response.write "<td width='100%'>" & font & Record("Fra") & "</td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Twat:</td>"
      response.write "<td width='100%'>" & font & Record("Twat") & "</td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "E-Mail:</td>"
      response.write "<td width='100%'>" & font & "<a href='mailto:" & Record("Email") & "'>" & Record("Email") & "</a></td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Webside:</td>"
      response.write "<td width='100%'>" & font & "<a href='" & Record("http") & "'>" & Record("http") & "</a></td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Dato:</td>"
      response.write "<td width='100%'>" & font & Record("dato") &"</td></tr>"
      response.write "<tr><td width='0' align='right' valign='top'>" & font & "Besked:</td>"
      response.write "<td width='100%'>" & font & Server.HTMLEncode(Record("Tekst")) & "</td></tr>"

    Record.MoveNext
    Loop
    response.write "</table>"
    Record.Close
    RS.Close
  end if

  If "add" = Request.QueryString("Mode") then
    response.write strongfont & "Skriv i gæstebogen</strong>"
    response.write "<form method='POST' action='" & Request.ServerVariables("SCRIPT_NAME") & "'>"
    response.write "<div align='left'><table border='0' width='50%'>"
    response.write "<tr><td valign='top' align='right' colspan='2' bgcolor='" & linecolor & "'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "Navn:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='Fra' size='40'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "Twat:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='Twat' size='40'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "E-Mail:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='email' size='40'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font  & "Webside:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='webside' size='40' value='http://'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "Besked:</td>"
    response.write "<td valign='top'>" & font & "<textarea rows='5' name='Besked' cols='40'></textarea></td></tr>"
    response.write "<tr><td colspan='2' valign='top' align='right'><div align='center'><center><p>" & font & "<input type='submit' value='Send' name='B1'>&nbsp;&nbsp;&nbsp; <input type='reset' value='Slet' name='B2'></td></tr>"
    response.write "<tr align='center'><td colspan='2' valign='top' align='right' bgcolor='" & linecolor & "'></td></tr></table>"
    response.write "</form></body></html>"
  end if

eller med fejl kontrol
Set Rs = Server.CreateObject("ADODB.Connection")
  DBPath = "DBQ=" & server.mappath("gbdb.mdb")
  Rs.Open "DRIVER={Microsoft Access Driver (*.mdb)}; " & DBPath

  If Request.Servervariables("Content_Length") > 0 then
    Sql = "Insert into t_gaestebog (Fra, Dato, email, http, Tekst) values('" & Request("Fra") & "','" & Now() & "','" & Request("email") & "','" & Request("webside") & "','"  & Request("Besked") & "')"
    Rs.Execute(Sql)
    Response.Write strongfont & "Tak for det...</font></Strong><br><br>"
  end if

  If "" = Request.QueryString("Mode") then
    Sql = "Select * from T_gaestebog order by dato DESC"
    Set Record =  Rs.Execute(Sql)
    response.write "<html><head><title>Gæstebog</title></head><body>"
    response.write strongfont & "Gæstebogen</font></strong>"

    response.write "<table border='0' width='500'>"
    Do While Not Record.EOF
      response.write "<tr><td bgcolor='" & linecolor & "' colspan='2'></td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Navn:</td>"
      response.write "<td width='100%'>" & font & Record("Fra") & "</td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Twat:</td>"
      response.write "<td width='100%'>" & font & Record("Twat") & "</td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "E-Mail:</td>"
      response.write "<td width='100%'>" & font & "<a href='mailto:" & Record("Email") & "'>" & Record("Email") & "</a></td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Webside:</td>"
      response.write "<td width='100%'>" & font & "<a href='" & Record("http") & "'>" & Record("http") & "</a></td></tr>"
      response.write "<tr><td width='0' align='right'>" & font & "Dato:</td>"
      response.write "<td width='100%'>" & font & Record("dato") &"</td></tr>"
      response.write "<tr><td width='0' align='right' valign='top'>" & font & "Besked:</td>"
      if not Record("Tekst") = "" then
      response.write "<td width='100%'>" & font & Server.HTMLEncode(Record("Tekst")) & "</td></tr>"
      end if
    Record.MoveNext
    Loop
    response.write "</table>"
    Record.Close
    RS.Close
  end if

  If "add" = Request.QueryString("Mode") then
    response.write strongfont & "Skriv i gæstebogen</strong>"
    response.write "<form method='POST' action='" & Request.ServerVariables("SCRIPT_NAME") & "'>"
    response.write "<div align='left'><table border='0' width='50%'>"
    response.write "<tr><td valign='top' align='right' colspan='2' bgcolor='" & linecolor & "'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "Navn:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='Fra' size='40'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "Twat:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='Twat' size='40'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "E-Mail:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='email' size='40'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font  & "Webside:</td>"
    response.write "<td valign='top'>" & font & "<input type='text' name='webside' size='40' value='http://'></td></tr>"
    response.write "<tr><td valign='top' align='right'>" & font & "Besked:</td>"
    response.write "<td valign='top'>" & font & "<textarea rows='5' name='Besked' cols='40'></textarea></td></tr>"
    response.write "<tr><td colspan='2' valign='top' align='right'><div align='center'><center><p>" & font & "<input type='submit' value='Send' name='B1'>&nbsp;&nbsp;&nbsp; <input type='reset' value='Slet' name='B2'></td></tr>"
    response.write "<tr align='center'><td colspan='2' valign='top' align='right' bgcolor='" & linecolor & "'></td></tr></table>"
    response.write "</form></body></html>"
  end if

Tak! Jeg elsker dette forum!

Dont we all!

hehe