I just need someone to talk me through/ explain how to insert and then display special characters into an MSSQL2000 database.
I have a form with a textarea which submits to a new page, thie new page should display the form data *exactly* as it was entered in the form, including returns, double quotes, < and >, and any special character.
This display page will then submit this [login to view URL]("varfromtextarea") to a new page which inserts the form data to as a parametere to a stored procedure. I *dont* need the forms, commands, or stored procedures coded. I ONLY need someone with experience to explain what i have to do to the form data to 1) display the form data (with special characters) on the page proceeding the form and 2) explain how to insert this form data into the database (i.e. do i use [login to view URL] or some replace function(s)) and 3) How do i display this data from the database while preserving all special characters (i know how to display data from a database using asp, the problem i am having is displaying special characters).
e.g. I have a form textarea in which i input
<test input>
"test input"
test input
'test input'
<%test input%>
etc etc etc
This form data is displayed on the following page exactly as input in the textarea.(Do i use [login to view URL] to display it, or combine with Replace())
So how do insert this into the database and then display the database field from another asp page while preserving all special characters.
I would also appreciate some code or ideas (maybe functions) to prevent any malicious input at the same time (maybe from sql injection).
Any questions, please email.
## Deliverables
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done. 2) Installation package that will install the software (in ready-to-run condition) on the platform(s) specified in this bid request. 3) Complete ownership and distribution copyrights to all work purchased.
## Platform
Windows, IIS, ASP, VBScript.