The HTMLEncode method applies HTML encoding to the specified text string. Its typical use is to display the contents of text fields contained in the database in HTML. Characters in the string such as “<” and “&” that have special meanings in HTML are converted into their HTML equivalents, such as &lt; and &amp;, so that they will be displayed correctly by the client browser.
Page.HTMLEncode(String)
The following example displays the contents of the company_name field as an <H1> tag:
<H1><% = mscsPage.HTMLEncode(companyinfo.company_name) %></H1>
Assuming that the field contains the name Lakes & Sons, the previous example returns the following HTML string:
<H1>Lakes &amp; Sons</H1>
The following example creates a text field in a form, using as the initial value the contents of the query string argument myString. Because this string might contain a character such as double-quote ("), which would be interpreted incorrectly on the page, the string is first encoded with the HTMLEncode method.
<INPUT TYPE="TEXT" NAME="myString" VALUE="<% = mscsPage.HTMLEncode(Request("myString")) %>">
The following example, from Clocktower’s Default.asp, displays the name of a department, where rsDeptlist is a recordset resulting from a query. Note the use of the Value property:
<% = mscsPage.HTMLEncode(rsDeptlist("dept_name").Value) %>
If the text field to be displayed already contains HTML encoding, do not use the HTMLEncode method. For example, suppose your product_descr field contains HTML-encoded text such as “The <I>Classic Diner Clock</I> brings the age of the &quot;Golden Oldies&quot; to your kitchen.” This string uses the <I> tag to format italic text and the &quot; sequence to display quotation marks when displayed by the client browser. Because the string is already coded in HTML, you do not need to encode it again. Double-encoding the string would produce incorrect results.
Page.HTMLEncode is identical to Page.Encode, but HTMLEncode is the preferred name. The method is similar to Server.HTMLEncode except that the Page.HTMLEncode method handles Null values by returning an empty string (Server.HTMLEncode fails when the String parameter is Null). This distinction is important because a database query can return Null.
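The three behaviours described above (the double-quote in a form field value, the Null field, and double-encoding of a field that already holds HTML) can be checked with a small Python model. This is an added example, not Site Server code: html_encode is a hypothetical stand-in for Page.HTMLEncode that encodes only &, <, > and ", value_seen_by_browser is a simplified reading of a double-quoted attribute, and the sample strings are constructed.

```python
import html
import re

# Hypothetical stand-in for Page.HTMLEncode; models only what the page states.
_ENTITIES = str.maketrans({"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;"})


def html_encode(value):
    """Encode text for HTML output; None (a database Null) yields ''."""
    if value is None:
        return ""
    return str(value).translate(_ENTITIES)


def render_input(my_string, encode=True):
    """Build the form field from the page, with or without encoding."""
    value = html_encode(my_string) if encode else my_string
    return '<INPUT TYPE="TEXT" NAME="myString" VALUE="' + value + '">'


def value_seen_by_browser(tag):
    """Simplified reading of a double-quoted VALUE attribute: the text up to
    the next double quote, with entities decoded."""
    return html.unescape(re.search(r'VALUE="([^"]*)"', tag).group(1))


# Constructed sample inputs.
COMPANY = "Lakes & Sons"
QUERY_ARG = 'The "Golden Oldies" clock'
STORED_HTML = "The <I>Classic Diner Clock</I> brings &quot;Golden Oldies&quot; home."

if __name__ == "__main__":
    # Plain text field: encode once on output.
    print("<H1>" + html_encode(COMPANY) + "</H1>")
    # Null field: empty string instead of an error.
    print(repr(html_encode(None)))
    # Encoded, the whole value survives; unencoded, the first embedded
    # double quote closes the attribute and the rest is lost.
    for encode in (True, False):
        tag = render_input(QUERY_ARG, encode)
        print(tag, "->", repr(value_seen_by_browser(tag)))
    # Field that already holds HTML: encoding again shows tags and entities
    # as literal text in the browser.
    print(html_encode(STORED_HTML))
```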