1

In our application we have a textfield that is controlled by TinyMCE. If the customer pastes text from Word into the textfield, Oracle balks when we are trying to store this text in our database:

ORA-01461: can bind a LONG value only for insert into a LONG column

Cleaning the text in, say Notepad, will not produce any problems, so my guess is that the problem lies in the input string containing some kind of binary junk that Oracle uses as a delimiter between the values that are used in the sql insert string.

Upgrading our ancient TinyMCE will probably fix the problem, but I also want to ensure the text really is clean when passed to the lower layers. So I thought that I might ensure the text is true ASCII, and if not, clean everything that does not pass as ASCII by looping through the lines in the input and do the following:

line.replaceAll("[^\\p{ASCII}]", "")

Is this a viable solution, and if not, what are the pitfalls?

oligofren
  • 20,744
  • 16
  • 93
  • 180
  • You understand that editing this data lateron with the same control will not work since you lost information in the replaceAll process? – TheBlastOne Mar 26 '12 at 10:01
  • Not quite sure I do. By control, you mean the tincymce widget? I just want to make sure that the data is clean when hitting lower layers. Usually, the text is input into the field, the user presses save, and the text is passed down into the lower layers. It is further down I want to make sure that the data is clean. Using TinyMCE scripts leaves all the trust to the client. I want to ensure the integrity at a level outside of the client's control. – oligofren Mar 28 '12 at 16:45
  • I see. Yes I refer to the widget. I mean if you clean up before storing the data, you must "unclean" it after retrieval so the widget sees the data the way it needs it to present it correctly. – TheBlastOne Mar 29 '12 at 03:30
  • In our case, the data is not saved until someone hits "Save", at which time the dialog box is closed. The next time someone edits the text, the text is retrieved from the db, so what you see is what is in the database. I do not see the trouble in this case. I would see a problem if there was some kind of AJAX saving going on, but not here. Or am I mistaken? – oligofren Apr 12 '12 at 08:01
  • 1
    If you remove stuff from the data before storing it, it will be missing after retrieval, except if it is not significant data, like whitespaces would be. That´s what I am pointing to. If you clean the string to send it to the lower layers, the db will store that one, not the original one. If you later read and re-insert the cleaned string into the widget, it won´t display the same content as originally upon save, will it? I cannot know. I just mean you might lose data. – TheBlastOne Apr 16 '12 at 05:56
  • well, in that case, I DO intentionally mean to "lose" data :) If the original (uncleaned) data hits the underlying layers, the application blows up. security checks at every junction where user might pass invalid data is what I am after, and it seems what I am doing might be right. – oligofren Apr 16 '12 at 11:16
  • Ah *now* I got it. Okay. – TheBlastOne Apr 17 '12 at 10:46

1 Answers1

0

What about cleaning the pastes content like i described here? This might also remove junk.

Community
  • 1
  • 1
Thariama
  • 50,002
  • 13
  • 138
  • 166
  • While TinyMCE (in a newer version, or with your script) can be made to clean the data, I want to ensure the integrity at a level outside of the client's control. – oligofren Mar 28 '12 at 16:46