PRB: Quotation Mark Character (") as Part of Product ID Causes the Product.asp Page to Fail (296345)
The information in this article applies to:
- Microsoft Commerce Server 2002
- Microsoft Commerce Server 2000
This article was previously published under Q296345 SYMPTOMS
When you try to view a product while visiting a Commerce Server store, you may receive the following error message:
The product you requested is not currently available through this catalog
CAUSE
This problem occurs because a quotation mark (") is part of the product ID. When a quotation mark character is used in a product name, the character is stripped out of the product ID, which makes the product inaccessible in the catalog.
RESOLUTION
To resolve this problem, do one of the following:
- Do not use the quotation mark character in the product ID.
-or-
- Change the GetRequestString function, which is located in the std_url_lib.asp, to remove the line that strips out the quotation character from product IDs.
STATUSThis behavior is by design.MORE INFORMATION
The GetRequestString function includes code to remove the quotation mark character ("), the "less than" character (<), and the "greater than" character (>) from the product ID. For example, this changes a product ID of Product"1 to Product1. As a result, the application cannot find the product in the catalog during the product lookup.
The application code is written to strip these values from the product ID to try to secure the site against the possibility of a script being introduced to the site and then run by visiting the script as a product.
The Std_url_lib.asp file, which is located in the Application Folder\Include folder, contains the following function:
Function GetRequestString(ByVal sName, ByVal vtDefault)
GetRequestString = MSCSAppFrameWork.RequestString(sName, vtDefault)
If Not IsNull(GetRequestString) Then
GetRequestString = Trim(GetRequestString)
GetRequestString = Replace(GetRequestString, """", "") 'Strip quotes $$ Raise warning?
GetRequestString = Replace(GetRequestString, ">", "")
GetRequestString = Replace(GetRequestString, "<", "")
End If
End Function
If you use the second of the two options in the "Resolution" section, you can comment out the line
GetRequestString = Replace(GetRequestString, """", "") 'Strip quotes $$ Raise warning?
by using an apostrophe (') so that the quote character is not replaced. This permits the product to be selected in the browser.
Modification Type: | Major | Last Reviewed: | 10/22/2003 |
---|
Keywords: | kbpending kbprb KB296345 |
---|
|