Our users have a textarea that holds client notes, which are saved to the database on submit. From time to time they cut and paste text from MS Word. Certain characters, such as a dash and quote, get encoded by the form as codes like &#8230; and &#8211;.
These codes get stored in the DB as well, and I would prefer that they were not.
Is there anything I can do to prevent this? Do I have to filter all my data before going to the database?
** I already filter out (using the Struts tag) '<', '>', '"', and '&'. So if I turn filtering on, I get the literal code (for example &#8220;) on the page, and if I turn filtering off, I get correct rendering but I run the risk of HTML formatting code that I don't want. Any help would be appreciated.
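To illustrate what I am seeing, here is a minimal sketch in Java. It is not our actual code: `FilterDemo` and `escape` are hypothetical names, and `escape` only approximates what I assume the tag's filtering does with those four characters. The sample string is made up for the example.

```java
public class FilterDemo {

    // Hypothetical stand-in for the tag's filtering (an assumption, not the
    // real Struts code): escapes '<', '>', '"' and '&' so they show literally.
    static String escape(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '&': out.append("&amp;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Made-up example of what ends up in the DB after a paste from Word.
        String stored = "&#8220;hello&#8221; <b>bold</b>";

        // Filtering on: the '&' of each code is escaped too, so the browser
        // displays the code itself instead of the quote character.
        System.out.println(escape(stored));

        // Filtering off: the codes render as quotes, but the <b> tag is
        // passed through to the page as live HTML.
        System.out.println(stored);
    }
}
```

With filtering on, the stored `&` becomes `&amp;`, which seems to be why the code shows up on the page instead of the character it stands for.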