In my experience, the only character you really have to watch out for with mySQL is a single quote (') which you can just replace with a double-single quote (''). So I usually do something like this on each piece of text that I plan to write to a database:
$someInput =~ s/'/''/g; good luck! -----Original Message----- From: james lundeen [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 12:41 PM To: '[EMAIL PROTECTED]' Subject: really basic question about CGI module I "use CGI" in my routines very often and at times need to look at the incoming values from forms to make sure that they don't include "'" "," and other things that might blow up my connection with mysql database. Can someone please give me a nice piece of reusable code that will read the incoming variable and clean up all of the charecters that the user might have entered that certain programming routines might not like? Specifically, I have run into problems if the user has " ' , in the field. maybe there are others too? any help and code would be appreciated! -jimmyjames __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]