0

the description should look like - Aircraft Configuration function in the <TypeCode> field. but it's displaying in DB as it is but when checked in UI by retrieving it's displaying like ---"Aircraft Configuration function in the field." here the <typecode> converted into HTML in UI screen.

what other ways I have tried are: 

update tblApplicationParam 
    set fldValueDescription = 'Aircraft Configuration function in the /<TypeCode/> field'

still it didn't fix my problem.

when parameter retrieved in UI screen the description should show up like this --Aircraft Configuration function in the <TypeCode> field.

James Z
  • 12,209
  • 10
  • 24
  • 44
ash
  • 1
  • This is not a SQL question but an HTML one. Changing the tag. – The Impaler Oct 03 '19 at 17:10
  • How are you displaying that value in the UI? – Hans Kesting Oct 03 '19 at 17:14
  • 1
    The problem is not in the database, you don't need to escape anything there. However, you should escape it when you output it at the medium of your choice, in this case HTML. Depending on the programming language you use, you use functions like `htmlspecialchars()` in PHP. – Progman Oct 03 '19 at 17:18
  • it's not HTML .its just an update script to update description where one word in between the description says . which shows well in DB but in UI screen that word itself gone. when I checked in F12 realized that it converted into HTML. – ash Oct 03 '19 at 17:53
  • @ash When the text which looks like HTML is "converted into HTML" then it is most likely HTML. Saying "checked in F12" suggest you are using a browser, which renders HTML. Depending on the programming language you have to escape the text before showing it. Please add the source code to your question and add the tags of the programming language you are using to your question as well. – Progman Oct 04 '19 at 16:01

1 Answers1

2

encode < as &lt; and > as &gt; -- you could either do it in your code with your chosen language's preferred HTML escaping method, or you could do it in SQL, but this means you'd have to update the SQL every time you encountered a symbol that has special meaning in HTML. You should prefer to use a HTML escaping function in your code.

x0n
  • 51,312
  • 7
  • 89
  • 111
  • 1
    Don't store the text in encoded form, but encode it just before displaying - that way you can encode it for "this particular" UI technology, even when you add a new one – Hans Kesting Oct 04 '19 at 06:30