On Tue, 2004-05-04 at 22:51, Andrew Gaffney wrote:
I am designing a small Perl-based webapp with a MySQL backend. There is a script that pulls values from the DB and populates form fields. Some of the fields must have freeform text (can have <>'" etc.). Getting it into the DB isn't a problem. Populating the form fields with this type of data is, though. I have a test data field that is "you don't want to know". I have tried making it safe with:
$string =~ s/\'/\\'/g;
$string = $cgi->escape($string); # using CGI.pm
Neither approach works properly. How does everyone else deal with this?
You probably want escapeHTML.
use strict;
use warnings;
use CGI;

my $cgi = CGI->new;
my $val = qq("Hello", said Paul);
my $escVal = $cgi->escapeHTML($val);
print qq(<input type="text" name="val" value="$escVal">);
Yes, I do want that :) Thank you.
-- Andrew Gaffney Network Administrator Skyline Aeronautics, LLC. 636-357-1548
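Added example, not code from the thread: it runs the two attempts from the question and the escapeHTML call from the reply over constructed sample strings and checks which encoder makes a double-quoted value="..." attribute show exactly the stored text. The helper names value_as_parsed and round_trips are hypothetical, and the attribute parsing is a simplified model of what a browser does.

```perl
use strict;
use warnings;
use CGI;

my $cgi = CGI->new;

# Constructed sample values: the poster's test string, the string from the
# reply, and one containing every character that is special in HTML.
my @samples = (
    q{you don't want to know},
    q{"Hello", said Paul},
    q{a < b && "c" > 'd'},
);

# The two attempts from the question, then the encoder from the reply.
my @encoders = (
    [ 'backslash',  sub { (my $s = shift) =~ s/'/\\'/g; return $s } ],
    [ 'escape',     sub { return $cgi->escape(shift) } ],      # percent-encoding, meant for URLs
    [ 'escapeHTML', sub { return $cgi->escapeHTML(shift) } ],  # entity encoding, meant for HTML
);

# Simplified model of how a browser reads value="...": the value stops at
# the first raw double quote, then character entities are decoded.
sub value_as_parsed {
    my ($encoded) = @_;
    my ($raw) = $encoded =~ /\A([^"]*)/;
    return $cgi->unescapeHTML($raw);
}

# An encoder is right for this context only if the field ends up holding
# the exact text that was stored.
sub round_trips {
    my ($encode, $value) = @_;
    return value_as_parsed($encode->($value)) eq $value;
}

for my $value (@samples) {
    print "stored: $value\n";
    for my $enc (@encoders) {
        my ($name, $encode) = @$enc;
        printf "  %-10s %-4s <input type=\"text\" name=\"val\" value=\"%s\">\n",
            $name, (round_trips($encode, $value) ? 'ok' : 'FAIL'), $encode->($value);
    }
}
```

The same entity encoding is what keeps stored text containing `"` or `<` from closing the attribute and being read as markup, so it belongs on every value written into the page, not only the ones that display badly.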