Posted by TedH (TedH), 11 January 2007
Hi guys, has anyone ever run across a problem with apostrophes in names or words?
Like O'Hara, D'arcy, don't, haven't etc?
It only seems to happen in form input tags. Textareas are okay.
I'm seeing it okay in prints and reads, but if I pass a field to an edit form the problem happens.
O'Hara would become O
Tried entity replacement to no avail. It's like the parser is losing it.
Standard text files etc., are not affected, only flat-file databases (maybe other db's too).
any ideas - Ted
Posted by TedH (TedH), 11 January 2007
Sorry Graham, I just realised we covered something like this before. I'll go thru that again.
I'm doing the database differently this time so it may or may not work with it.
cheers - Ted
Posted by TedH (TedH), 11 January 2007
Well, got that sorted - and it wasn't what I thought it was.
The whole problem boiled down to the use of single/double quotes inside the HTML in the perl script and how I used them.
Once I put doubles inside the input brackets, I got a correct reading.
Still think it's odd but it works - Ted
Posted by admin (Graham Ellis), 11 January 2007
Ted, you may now have problems if someone enters a double quote ... best to test it? Have a look at the quotemeta function
Posted by TedH (TedH), 11 January 2007
Hi Graham, Yes double quotes fail.
I'll have a look at the quotemeta function.
Not sure though how many times a " would be used in a word that would go into an input box - never thought about it before. Hmmm.
Textareas would handle that okay with the usual replacement.
I'm just slapping together a quick generic ffdb manager 'cuz I'm fed up doing it all by hand; thought it'd be nice to have something that I could just copy/paste or cut out a few subs and reuse stuff. (It's a rainy day thing.)
Posted by Custard (Custard), 17 February 2007
Hi Ted,
You should probably have something like
In perl you don't need double quotes around a variable to get its value, in fact it is one of the "don't do's".
Also, I tried the following...
So your quoting problem is not here. It is most likely you have a problem with passing 'tainted' data directly to your database (Via SQL?).
Maybe you have a line like..
In which case you definitely need to do some work on $value to avoid SQL injections as well as the problems you mentioned.
Of course, if you are not using SQL then some other rules may apply such as quoting commas in CSV files etc..
Posted by TedH (TedH), 17 February 2007
Hi Custard, (never did get in touch did I)
Yeah, I discovered that using " around the input instead of ' caused headaches. Got that done okay - never realised it before.
The use of typing " in an input type=text was causing the problem and messing stuff up. Then I thought, just how many times would a " be used in normal forms. Names don't, only people who live in cottages with names like "Ivy Cottage", 12 Hill Street - etc. So I turned off "s and when any are found in an input area they get wiped. Only the textareas are allowed to use them.
It's on flat-files so SQL's not an issue, but I'll keep that in mind for such.
many thanks - Ted
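Added example, not part of the original thread and not any poster's code: entity-encoding a value before it is written into an input tag's value attribute keeps both apostrophes and double quotes intact, so nothing has to be stripped. The helper names escape_attr and edit_field, the field name surname and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The five characters that can end an attribute value or start markup.
# "&" is matched by the same character class as the others, so every
# character is replaced exactly once and nothing is double-encoded.
my %ENTITY = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
);

# Encode a value so it is safe inside a quoted HTML attribute.
sub escape_attr {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $text;
}

# Hypothetical helper: build one text input for an edit form.
sub edit_field {
    my ($name, $value) = @_;
    return sprintf '<input type="text" name="%s" value="%s">',
        escape_attr($name), escape_attr($value);
}

# Constructed sample values, including the cases raised in the thread.
my @samples = (
    "O'Hara",
    "D'arcy",
    '"Ivy Cottage", 12 Hill Street',
    'Tom & Jerry <b>',
);

for my $value (@samples) {
    # Unescaped, single-quoted attribute: the browser ends the value at
    # the first apostrophe, which is how O'Hara turns into O.
    print "raw:     <input type='text' name='surname' value='$value'>\n";
    # Escaped: the whole value stays inside the attribute, and the browser
    # decodes the entities again when it displays and submits the field.
    print "escaped: ", edit_field('surname', $value), "\n\n";
}
```

Where the HTML::Entities module is installed, its encode_entities function can be used in place of escape_attr.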