Microsoft KB Archive/296345

= PRB: Quotation Mark Character (&quot;) as Part of Product ID Causes the Product.asp Page to Fail =

Article ID: 296345

Article Last Modified on 10/22/2003

-

APPLIES TO


 * Microsoft Commerce Server 2002 Standard Edition
 * Microsoft Commerce Server 2000 Standard Edition

-



This article was previously published under Q296345



SYMPTOMS
When you try to view a product while visiting a Commerce Server store, you may receive the following error message:

The product you requested is not currently available through this catalog



CAUSE
This problem occurs because a quotation mark (&quot;) is part of the product ID. When a quotation mark character is used in a product name, the character is stripped out of the product ID, which makes the product inaccessible in the catalog.



RESOLUTION
To resolve this problem, do one of the following:
 * Do not use the quotation mark character in the product ID.

-or-
 * Change the GetRequestString function, which is located in the std_url_lib.asp, to remove the line that strips out the quotation character from product IDs.



STATUS
This behavior is by design.



MORE INFORMATION
The GetRequestString function includes code to remove the quotation mark character (&quot;), the &quot;less than&quot; character (<), and the &quot;greater than&quot; character (>) from the product ID. For example, this changes a product ID of Product&quot;1 to Product1. As a result, the application cannot find the product in the catalog during the product lookup.

The application code is written to strip these values from the product ID to try to secure the site against the possibility of a script being introduced to the site and then run by visiting the script as a product.

The Std_url_lib.asp file, which is located in the \Include folder, contains the following function: Function GetRequestString(ByVal sName, ByVal vtDefault) GetRequestString = MSCSAppFrameWork.RequestString(sName, vtDefault) If Not IsNull(GetRequestString) Then GetRequestString = Trim(GetRequestString) GetRequestString = Replace(GetRequestString, &quot;&quot;&quot;&quot;, &quot;&quot;) 'Strip quotes $$ Raise warning? GetRequestString = Replace(GetRequestString, &quot;>&quot;, &quot;&quot;) GetRequestString = Replace(GetRequestString, &quot;<&quot;, &quot;&quot;) End If End Function If you use the second of the two options in the &quot;Resolution&quot; section, you can comment out the line GetRequestString = Replace(GetRequestString, &quot;&quot;&quot;&quot;, &quot;&quot;) 'Strip quotes $$ Raise warning? by using an apostrophe (') so that the quote character is not replaced. This permits the product to be selected in the browser.

Additional query words: plutonium

Keywords: kbprb kbpending KB296345

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.