escaping

I hope that I have titled this question appropriately. Bit of a mixed subject here. I have created a function in C# that creates an Active Directory User. Using an LDAP string that needs to look like this: userinfo.displayName = "Surname, Firstname" CN=" + userinfo.displayName, "user" The following exception message is passed back, because of the comma being in the string. An invalid dn syntax has been specified. The full dn after the string has been applied is as following "CN=Surname**,** Lastname,OU=Users,DC="Foo",DC="net" The comma in the common name CN= is the problem... Is there a way

I'm reading in an absolute pathname from an ini file and storing the pathname as a String value in my program. However, when I do this, the value that gets stored somehow seems to be losing the backslash so that the path just comes out one big jumbled mess? For example, the ini file would have key, value of: key=C:\folder\folder2\filename.extension and the value that gets stored is coming out as C:folderfolder2filename.extension . Would anyone know how to escape the keys before it gets read in? Let's also assume that changing the values of the ini file is not an alternative because it's not a

I'm having trouble properly displaying values that contain escaped characters (i.e. apostrophes are stored as \' and not ' and brackets are > and < rather than > and < ). Items stored in my database have the characters ( ' < > ) escaped to ( \' < > ), respectively. When I try to dynamically add them to the page with JavaScript, they print out in the escaped form in Firefox, rather than returning to their normal values like in IE ( < is being printed to the HTML rather just < ). <html> <head> <script type="text/javascript"> $(document).ready(function() { var str = ">"; $(document.body).html(str

What is the best way to escape strings for sql inserts, updates? I want to allow special characters including ' and ". Is the best way to search and replace each string before I use it in an insert statement? Thanks Duplicate of: Best way to defend against mysql injection and cross site scripting You should be using parameterized queries (so by extension, a DB interface library that supports parameterized queries) so that SQL injection can't happen. If you're talking about data values for your fields, then the best way is to use mysql_real_escape_string() . (Some people like mysqli ; can't say

I used BeautifulSoup to handle XML files that I have collected through a REST API. The responses contain HTML code, but BeautifulSoup escapes all the HTML tags so it can be displayed nicely. Unfortunately I need the HTML code. How would I go on about transforming the escaped HTML into proper markup? Help would be very much appreciated! I think you want xml.sax.saxutils.unescape from the Python standard library. E.g.: >>> from xml.sax import saxutils as su >>> s = '<foo>bar</foo>' >>> su.unescape(s) '<foo>bar</foo>' You could try the urllib module? It has a method unquote() that might suit your

I'm trying to write an sql function in Postgresql that will parse a file path. I want to return just the file name. I cannot get past getting an accurate text string in the function. Here is the function: Function: job_page("inputText" text) DECLARE $5 text; BEGIN $5 = quote_literal("inputText"); return $5; END When I run this: select job_page('\\CAD_SVR\CADJOBS\7512-CEDARHURST ELEMENTARY SCHOOL\7512-20.DWG') I get this result: "E'\\CAD_SVRCADJOBSé2-CEDARHURST ELEMENTARY SCHOOLé2-20.DWG'" Postgresql interprets the slash followed by certain characters as a special character. How do I escape?

Does Flask's url_for method have an option to disable autoescaping? So if I have an endpoint called getUser with a route like this: /user/<userID> , I want to call url_for('getUser', userID='%') and have it return /user/% . Currently it will escape the % symobl and give out /user/%25 . I want to do that because url_for has to run at template compile-time, but the final URL is composed when a javscript script runs. I will be using a javascript string substitution method to convert /user/% into /user/abcd , but the substitution script I'm using requires you to use a % symbol as the placeholder.

Im working on a program to interface with some hardware that is sending data that has been encoded and wrapped to send within a CDATA block in an XML document. the software in the device as far as I know is written in Python and i'm writing the interface in Delphi. the data the device sends is this \x00E\x18\x10\x14}*UF!A\x81\xac\x08&\x02\x01\n\x15\x1a\xc2PP\x92\x17\xc2\xc1\xa0\x0e\x1a\xc2\xd0K\x94\'\x830\x11\x8b \x84a_\xa0+\x04\x81\x17\x89\x15D\x91B\x05.\x84\xf1\x1b\x89%E\x00\x04\x9c\x0e\xc5\xc1=\x87\x0bE\xf18\x07\x1f\xc8a\xa5\x95\x08H\x80?\x84\x18\tPK\x8a$\t\xf1\xb2\x8e(J\xb0\x08\x91\x1eJ

Confused about escape string and how it is stored in the database In my MySQL call, I escaping a string with a backslash: UPDATE `TABLE` SET `PERSONAL_BELONGINGS` = 'Tom\'s things' But when I look in the phpadmin - the value was saved like this: |Tom's things| Why is the backslash not saved into the database? This causes problems when I read this value into javascript and then try passing it around - my javascript strings will terminate. This is why I escaped the character to begin with. Why is MySQL removing the '\' backslash before it is saved into the database? If not saving it in the

I have a Windows application and on events, it calls a command like this: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass "G:\test.ps1 -name '%x' -data '%y'" The name parameter sometimes has ' in it. Is it possible to escape that somehow? This is actually a lot trickier than you'd think. Escaping nested quotes in strings passed from cmd to PowerShell is a major headache. What makes this one especially tricky is that you need to make the replacement in a variable expanded by cmd in the quoted argument passed to powershell.exe within a single-quoted argument