On Tue, 2004-05-04 at 22:51, Andrew Gaffney wrote:
> I'm designing a small Perl-based webapp with a MySQL backend. There is a script that pulls
> values from the DB and populates form fields. Some of the fields must have freeform text
> (can have <>'" etc.). Getting it into the DB isn't a problem. Populating the form fields
> with this type of data is, though. I have a test data field that is "you don't want to
> know". I have tried making it safe with:
>
> $string =~ s/\'/\\'/g;
> $string = $cgi->escape($string); // using CGI.pm
>
> Neither approach works properly. How does everyone else deal with this?

You probably want escapeHTML.

use strict;
use warnings;
use CGI;

my $cgi = CGI->new;
my $val = qq("Hello", said Paul);
my $escVal = $cgi->escapeHTML($val);
print qq(<input type="text" name="val" value="$escVal">);

--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
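
Added example, not part of the original messages: it runs the three encodings mentioned in this thread over constructed sample values and checks whether each survives being placed in a double-quoted value="..." attribute. It assumes CGI.pm is installed (it is no longer bundled with Perl since 5.22); attribute_as_parsed is a hypothetical helper and only a simplified model of how a browser reads the attribute.

```perl
use strict;
use warnings;
use CGI;

my $cgi = CGI->new;

# Constructed sample values standing in for free-form text read from the database.
my @samples = (
    q(you don't want to know),
    q("Hello", said Paul),
    q(a < b & c > d),
    q("><b>bold</b>),
);

# The three encodings discussed in the thread.
my %encode = (
    backslash  => sub { (my $s = shift) =~ s/'/\\'/g; $s },  # HTML has no backslash escapes
    escape     => sub { $cgi->escape(shift) },               # URL percent-encoding
    escapeHTML => sub { $cgi->escapeHTML(shift) },           # HTML entity encoding
);

# Simplified model (assumption) of how a browser reads value="...":
# the value ends at the first literal double quote, then character
# references are decoded.
sub attribute_as_parsed {
    my ($encoded) = @_;
    my ($raw) = $encoded =~ /\A([^"]*)/;
    return $cgi->unescapeHTML($raw);
}

for my $value (@samples) {
    print "stored value: $value\n";
    for my $name (sort keys %encode) {
        my $encoded = $encode{$name}->($value);
        my $shown   = attribute_as_parsed($encoded);
        # "ok" means the form field would show exactly what was stored.
        printf "  %-10s %-4s %s\n", $name,
            ($shown eq $value ? 'ok' : 'BAD'),
            qq(<input type="text" name="val" value="$encoded">);
    }
}
```

A BAD row means the field would display something other than the stored text, or that the value ended early and the remainder was parsed as markup outside the attribute.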