Yes, we don't want to start adding implementation-specific features, unless
they are database-specific. Tomorrow someone will want PDF escaping, etc...
Ilya
-----Original Message-----
From: Dave Rolsky
To: Mark Stosberg
Cc: [EMAIL PROTECTED]
Sent: 3/27/02 12:04 PM
Subject: Re: Feature suggestion: HTML escaping
On Wed, 27 Mar 2002, Mark Stosberg wrote:
> I'd like to have the option available for methods that return data to
> have it automatically HTML escaped for me. A sample syntax might look
> like this:
>
> $data = $DBH->selectrow_arrayref($sql, {
> Slice=>{},
> escapeHTML=>1
> });
>
> ( I call it "escapeHTML" because that's what CGI.pm calls it). This
> feature could help prevent some security bugs and unexpected browser
> behavior.
This so doesn't need to be in the core DBI code. Just write a (very tiny)
wrapper around DBI that uses HTML::Entities to escape data before giving
it to you. Piece o' cake and DBI stays plain ol' DBI.
-dave
/*==================
www.urth.org
we await the New Sun
==================*/
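
The wrapper approach suggested in the thread, sketched as an added example (not code from the thread or from DBI): a small object that holds a database handle and runs fetched data through HTML::Entities before returning it. The names EscapingDBH, escape_html, raw and FakeDBH, the query text and the sample rows are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

package EscapingDBH;    # hypothetical wrapper name, not a CPAN module
use HTML::Entities qw(encode_entities);

# Recursively escape every plain scalar in a DBI result structure.
sub escape_html {
    my ($data) = @_;
    my $type = ref $data;
    return [ map { escape_html($_) } @$data ] if $type eq 'ARRAY';
    return { map { $_ => escape_html( $data->{$_} ) } keys %$data }
        if $type eq 'HASH';
    return $data if $type || !defined $data;    # other refs and NULLs pass through
    return encode_entities( $data, q{<>&"'} );
}

sub new {
    my ( $class, $dbh ) = @_;
    return bless { dbh => $dbh }, $class;
}

sub raw { $_[0]{dbh} }    # unescaped handle for non-HTML consumers

# Wrap the DBI fetch methods that return a single reference.
for my $method (qw(selectrow_arrayref selectrow_hashref
                   selectall_arrayref selectcol_arrayref)) {
    no strict 'refs';
    *{ __PACKAGE__ . "::$method" } = sub {
        my $self = shift;
        return escape_html( scalar $self->{dbh}->$method(@_) );
    };
}

package FakeDBH;    # constructed stand-in for a real DBI handle
sub new { return bless {}, shift }
sub selectall_arrayref {
    return [ { id => 1, comment => q{<script>alert(1)</script>} },
             { id => 2, comment => q{Tom & "Jerry"}, note => undef } ];
}

package main;
my $dbh  = EscapingDBH->new( FakeDBH->new );    # pass DBI->connect(...) in real use
my $rows = $dbh->selectall_arrayref( 'SELECT id, comment, note FROM posts',
                                     { Slice => {} } );
print "$_->{id}: $_->{comment}\n" for @$rows;
```

Entity-escaping of this kind fits HTML element content and quoted attribute values only; data headed for any other output format should be read through the raw handle and encoded for that format instead.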