how do i escape some characters when saving to db


Maurice Waka

Jul 12, 2020, 10:53:33 AM7/12/20
to web2py-users
I have some strings in request.vars that I'm trying to save to db.

An example is this: ["sure","iii!@#$%^&*()_"]. These strings/lists come from users of a natural language processing (NLP) app.

For example, in medical language a bone fracture is represented as '#' instead of the whole noun, while 'and' is written as '&'. These are commonly used characters that I can avoid processing.

The problem is that when I check the DB, it does not save the characters that follow a '#' or '&' character, e.g. 'abcdef!@#$%%%' is saved as 'abcdef!@', or in medical terms: "my patient recently had a # while jogging" is saved as "my patient recently had a".

How can I make sure the whole string is saved?

Kind regards

Christian Varas

Jul 12, 2020, 11:06:07 AM7/12/20
to web...@googlegroups.com
Maybe you can try something like:

db.something.insert(str(XML(request.vars.somevalue, sanitize=True)))

I use this method to escape everything and convert it all to a string.

Then in the view to see the values not encoded use: {{=XML(value)}}

Maybe it helps.

Cheers.

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/f10fa835-ce3b-491f-a2b2-c057bf38cb5eo%40googlegroups.com.

Maurice Waka

Jul 12, 2020, 11:15:07 AM7/12/20
to web...@googlegroups.com
I think I got overjoyed somehow. It only worked one time.
Repeat postings still behave the same.
I did this:
db.my_tasks.insert(messages=str(XML(request.vars.retrievedStuff, sanitize=True)))



Christian Varas

Jul 12, 2020, 3:40:48 PM7/12/20
to web...@googlegroups.com
You're welcome. Just keep in mind that when you decode a value with XML() it might be interpreted as HTML, and may lead to Cross Site Scripting (XSS) attacks.

If a user crafts an input like #something"><script>alert('XSS');<script>, when it is decoded in the view it might be interpreted. Before the value is inserted in the DB it is a good idea to remove values like > and < and maybe others.


Cheers


El El dom, 12 de jul. de 2020 a la(s) 11:15, Maurice Waka <mauri...@gmail.com> escribió:
Wow it works!
Thanks a lot!
Regards
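An added example (standard-library Python, not code from the thread or from web2py) that simulates a query-string parser: a raw '#' ends the query and starts the URL fragment, and a raw '&' starts the next parameter, which matches the truncation described in the question; percent-encoding the value on the way in keeps the text intact, and escaping on the way out addresses the XSS caveat in the last reply. The base URL, the parameter name and the sample strings are constructed for the demonstration.

```python
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample inputs of the kind mentioned in the question.
SAMPLES = [
    "my patient recently had a # while jogging",
    "abcdef!@#$%%%",
    "fracture & dislocation",
]

def naive_url(base: str, name: str, value: str) -> str:
    """Builds the URL by plain concatenation, leaving '#' and '&' unencoded."""
    return f"{base}?{name}={value}"

def encoded_url(base: str, name: str, value: str) -> str:
    """Percent-encodes the value ('#' -> %23, '&' -> %26, '%' -> %25, ' ' -> +)."""
    return f"{base}?{urlencode({name: value})}"

def server_side_value(url: str, name: str) -> str:
    """What a query-string parser hands the application for parameter `name`.

    urlsplit() stops the query at the first raw '#': the rest is the URL
    fragment, which a browser never sends to the server. parse_qs() then
    splits the query on raw '&', so text after an unencoded '&' becomes a
    separate parameter. Both effects truncate the stored value.
    """
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]

def round_trip(value: str, base: str = "http://app.example/save") -> tuple:
    """Returns (value seen with a naive URL, value seen with an encoded URL)."""
    return (server_side_value(naive_url(base, "messages", value), "messages"),
            server_side_value(encoded_url(base, "messages", value), "messages"))

def render_for_html(stored: str) -> str:
    """Escape on output so stored text is displayed literally, not parsed as markup.

    Storing the raw text and escaping at render time keeps the data intact
    and avoids the XSS risk of emitting it unescaped.
    """
    return escape(stored, quote=True)

if __name__ == "__main__":
    for text in SAMPLES:
        naive, encoded = round_trip(text)
        print(f"{text!r}\n  naive:   {naive!r}\n  encoded: {encoded!r}")
    print(render_for_html('#something"><script>alert(\'XSS\');</script>'))
```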