Search code examples
sql-serverunicodevbscriptasp-classic

Storing unicode like ✅ from form to db

I cannot get unicode characters from form to db

The webdesigner/seo-guy wants to use an unicode character ✅ (9989, which shows up as a whute checkmark in a green box.

The data in the CMS is entered through a form, both a

If I paste the ✅ directly into database, using Mssql SSMS, character is seem in the field, and unicode(field) is 9989.

The asp can retrieve the ✅ and put it as value in the html form.

I post the form, the page shows the form sends the correct code, ✅. the page then post the contents and retrieves it again, but the value stored is not ✅ but "?", char 63.

So DB->form is ok, form->DB is broken.

My page starts with

<% Response.Charset="UTF-8"%>
<% Response.codepage="65001" %>

<form method='post' accept-charset="utf-8">

The field in the db is nvarchar, SQL_Latin1_General_CP1_CI_AI though I tried Danish_Norvegian too, no difference.

edit

I have the insert wrapped in a function, but unwrapped it's like this:

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = connection 
cmd.CommandType = 1 ' adCmdText
cmd.CommandText = "update t_kat set meta_title=?,meta_description=? where id=?"

cmd.Parameters.Append cmd.CreateParameter("",adVarChar,1,255, request.form("meta_title"))
cmd.Parameters.Append cmd.CreateParameter("",adVarChar,1,255, request.form("meta_description"))
cmd.Parameters.Append cmd.CreateParameter("",adInteger,1,255, request.form("id")

cmd.Execute

EDIT 2 It works if I say server.htmlencode(request.form("meta_description")) but then ✅æøåÆØÅ gets stored in the db as &#9989;&#230;&#248;&#229;&#198;&#216;&#197; which I'd rather avoid. In worst case, id accept the "wierd" characters as &#9989 but I prefer the other characters as-is. But I don't think there is an option to select which characters are replaced.

I could do a replace of each "weird" charactes to %#nnnnformat (I don't think he uses that many) in the CMS frontend before storing, but I'd rather not go there either.

Solution

  • SOLVED! The parameter should be the right type:

    cmd.Parameters.Append cmd.CreateParameter("",adVarWChar,1,255, request.form("meta_title")

    adVarWChar instead of adVarChar

    I think only quotes are in need of being replaced when using the data in a input text form

    <input type='text' name="meta_title" value="<%=replace("""","&quot;",res("meta_title"))%>">

    This is to prevent invalid HTML like <input type="text" value="The 11'8" bridge">

    Turning it into <input type="text" value="The 11'8&quot; bridge">

    If used as text, the < needs escaping;

    <B>one<two</B>