On Tue, 2004-05-04 at 22:51, Andrew Gaffney wrote:
> I designing a small Perl-based webapp with a MySQL backend. There is a script that
> pulls
> values from the DB and populates form fields. Some of the fields must have freeform
> text
> (can have <>'" etc.). Getting it into the DB isn't a problem. Populating the form
> fields
> with this type of data is, though. I have a test data field that is "you don't want
> to
> know". I have tried making it safe with:
>
> $string =~ s/\'/\\'/g;
> $string = $cgi->escape($string); // using CGI.pm
>
> Neither approach works properly. How does everyone else deal with this?
You probably want escapeHTML.
use strict;
use warnings;
use CGI;
my $cgi = CGI->new;
my $val = qq("Hello", said Paul);
my $escVal = $cgi->escapeHTML($val);
print qq(<input type="text" name="val" value="$escVal">);
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
