On Tue, 2004-05-04 at 22:51, Andrew Gaffney wrote:
> I am designing a small Perl-based webapp with a MySQL backend. There is a script
> that pulls values from the DB and populates form fields. Some of the fields must
> have freeform text (can have <>'" etc.). Getting it into the DB isn't a problem.
> Populating the form fields with this type of data is, though. I have a test data
> field that is "you don't want to know". I have tried making it safe with:
> 
> $string =~ s/\'/\\'/g;
> $string = $cgi->escape($string); # using CGI.pm
> 
> Neither approach works properly. How does everyone else deal with this?

You probably want escapeHTML.

use strict;
use warnings;
use CGI;
my $cgi = CGI->new;
my $val = qq("Hello", said Paul);
my $escVal = $cgi->escapeHTML($val);
print qq(<input type="text" name="val" value="$escVal">);

-- 
David Dorward       <http://blog.dorward.me.uk/>   <http://dorward.me.uk/>
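
The three encodings discussed in this thread, run side by side over freeform values. This is an added example, not code from either poster; it assumes CGI.pm is installed, and the sample rows and the helper names backslash_quotes, url_escape and text_input are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Empty initializer: no query is read from the environment or stdin,
# so the script runs from a shell as well as under a web server.
my $cgi = CGI->new('');

# Constructed sample rows standing in for values read from the database.
my %row = (
    title   => q{you don't want to know},
    comment => q{He said "a < b" & left <b>quickly</b>},
);

# The two attempts from the question, kept for comparison.
# Backslashes mean nothing to an HTML parser, and URL escaping
# produces %XX sequences the browser shows to the user verbatim.
sub backslash_quotes { my ($s) = @_; $s =~ s/'/\\'/g; return $s }
sub url_escape       { my ($s) = @_; return $cgi->escape($s) }

# Build one text input. Name and value are both HTML-escaped, and the
# attribute is double-quoted, as in the reply above.
sub text_input {
    my ($name, $value) = @_;
    return sprintf '<input type="text" name="%s" value="%s">',
        $cgi->escapeHTML($name), $cgi->escapeHTML($value);
}

for my $field (sort keys %row) {
    my $raw = $row{$field};
    print "raw:        $raw\n";
    print "backslash:  ", backslash_quotes($raw), "\n";
    print "url escape: ", url_escape($raw), "\n";
    print "escapeHTML: ", $cgi->escapeHTML($raw), "\n";
    print text_input($field, $raw), "\n";

    # A browser decodes the entities when it parses the attribute, so the
    # user sees (and submits) the original text. Simulate that decode here.
    my $back = $cgi->unescapeHTML($cgi->escapeHTML($raw));
    print "round trip: ", ($back eq $raw ? "ok" : "MISMATCH"), "\n\n";
}
```

The same escapeHTML call applies when the value goes between <textarea> tags instead of into a value attribute.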

