getting ' and " in and out of form fields
Andrew Gaffney

2004-05-22, 11:32 am

I am designing a small Perl-based webapp with a MySQL backend. There is a script that pulls
values from the DB and populates form fields. Some of the fields must have freeform text
(can have <>'" etc.). Getting it into the DB isn't a problem. Populating the form fields
with this type of data is, though. I have a test data field that is "you don't want to
know". I have tried making it safe with:

$string =~ s/\'/\\'/g;
$string = $cgi->escape($string); # using CGI.pm

Neither approach works properly. How does everyone else deal with this?

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548

David Dorward

2004-05-22, 11:32 am

On Tue, 2004-05-04 at 22:51, Andrew Gaffney wrote:
> I am designing a small Perl-based webapp with a MySQL backend. There is a script that pulls
> values from the DB and populates form fields. Some of the fields must have freeform text
> (can have <>'" etc.). Getting it into the DB isn't a problem. Populating the form fields
> with this type of data is, though. I have a test data field that is "you don't want to
> know". I have tried making it safe with:
>
> $string =~ s/'/\'/g;
> $string = $cgi->escape($string); # using CGI.pm
>
> Neither approach works properly. How does everyone else deal with this?


You probably want escapeHTML.

use strict;
use warnings;
use CGI;
my $cgi = CGI->new;
my $val = qq("Hello", said Paul);
my $escVal = $cgi->escapeHTML($val);
print qq(<input type="text" name="val" value="$escVal"> );

--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
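
Added example, not part of the thread: it renders one value through the question's two attempts and through escapeHTML, then reads the value attribute back the way an HTML parser would, which shows that entity encoding is the encoding that matches a quoted attribute value. The sample value and the helper browser_reads are constructed for illustration, the helper is a simplified stand-in for a real parser, and CGI.pm is assumed to be installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI ();   # CGI.pm as in the thread; a CPAN install on Perl 5.22 and later

# Hypothetical helper: simplified model of an HTML parser reading a
# double-quoted attribute (stop at the next ", then decode entities).
sub browser_reads {
    my ($html) = @_;
    my ($raw) = $html =~ /value="([^"]*)"/;
    return '' unless defined $raw;
    my %named = (amp => '&', lt => '<', gt => '>', quot => '"', apos => "'");
    $raw =~ s{&(?:#x([0-9a-fA-F]+)|#([0-9]+)|([a-z]+));}{
          defined $1         ? chr(hex $1)
        : defined $2         ? chr($2)
        : exists $named{$3}  ? $named{$3}
        :                      "&$3;"
    }ge;
    return $raw;
}

# Constructed sample value with every character the question mentions.
my $value = q{"you don't want to know" <&>};

# Attempt 1 from the question: backslash the apostrophes.
(my $backslashed = $value) =~ s/'/\\'/g;

# Function-call forms of the $cgi->escape / $cgi->escapeHTML methods.
my @cases = (
    [ 'backslash'    => $backslashed ],
    [ 'escape (URL)' => CGI::escape($value) ],      # attempt 2: URL encoding
    [ 'escapeHTML'   => CGI::escapeHTML($value) ],  # the answer's suggestion
);

for my $case (@cases) {
    my ($name, $encoded) = @$case;
    my $html = qq(<input type="text" name="val" value="$encoded">);
    my $seen = browser_reads($html);
    printf "%-13s %-8s markup: %s\n", $name,
        ($seen eq $value ? 'intact' : 'mangled'), $html;
}
```

Only the escapeHTML row comes back intact: backslashes mean nothing to an HTML parser, so the attribute ends at the first ", and URL encoding leaves percent-escapes visible in the field.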

Andrew Gaffney

2004-05-22, 11:32 am

David Dorward wrote:
> On Tue, 2004-05-04 at 22:51, Andrew Gaffney wrote:
>
>
> You probably want escapeHTML.
>
> use strict;
> use warnings;
> use CGI;
> my $cgi = CGI->new;
> my $val = qq("Hello", said Paul);
> my $escVal = $cgi->escapeHTML($val);
> print qq(<input type="text" name="val" value="$escVal"> );


Yes, I do want that :) Thank you.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548

Copyright 2008 codecomments.com