Apostrophes

Posted by TedH (TedH), 11 January 2007
Hi guys, has anyone ever run across a problem with apostrophes in names or words?

Like O'Hara, D'arcy, don't, haven't etc?

It only seems to happen in form input tags. Textareas are okay.

I'm seeing it okay in prints and reads, but if I pass a field to an edit form the problem happens.

O'Hara would become O

Tried entity replacement to no avail. It's like the parser is losing it.

Standard text files etc., are not affected, only flat-file databases (maybe other db's too).

any ideas - Ted

Posted by TedH (TedH), 11 January 2007
Sorry Graham, I just realised we covered something like this before. I'll go thru that again.

I'm doing the database differently this time so it may or may not work with it.

cheers - Ted

Posted by TedH (TedH), 11 January 2007
Well, got that sorted - and it wasn't what I thought it was.

The whole problem boiled down to the use of single/double quotes inside the HTML in the perl script and how I used them.
Code:
value="$input{"f01"}"

had been
Code:
value="$input{'f01'}"


Once I put doubles inside the input brackets, I got a correct reading.

Still think it's odd but it works - Ted


Posted by admin (Graham Ellis), 11 January 2007
Ted, you may now have problems if someone enters a double quote ... best to test it? Have a look at the quotemeta function

Posted by TedH (TedH), 11 January 2007
Hi Graham, Yes double quotes fail.

I'll have a look at the quotemeta function.

Not sure though how many times a " would be used in a word that would go into an input box - never thought about it before. Hmmm.

Textareas would handle that okay with the usual replacement.

I'm just slapping together a quick generic ffdb manager 'cuz I'm fed up doing it all by hand; thought it'd be nice to have something that I could just copy/paste or cut out a few subs and reuse stuff. (it's a rainy day thing)

Posted by Custard (Custard), 17 February 2007
Hi Ted,

You should probably have something like

Code:
my $value=$input{'f01'};


In perl you don't need double quotes around a variable to get its value, in fact it is one of the "don't do's".

Also, I tried the following...
Code:
my %input=( 'f01' => 'hello "dolly"' );

my $value="$input{'f01'}";
print "\n\n".$value."\n";

And got..
Code:
jamesb@eschaton ~/src/perl $ ./test

hello "dolly"

So your quoting problem is not here.  It is most likely you have a problem with passing 'tainted' data directly to your database (Via SQL?).
Maybe you have a line like..
Code:
$dbh->execute( "insert into Blah values( $value )" );

In which case you definitely need to do some work on $value to avoid SQL injections as well as the problems you mentioned.

Of course, if you are not using SQL then some other rules may apply such as quoting commas in CSV files etc.

HTH

B


Posted by TedH (TedH), 17 February 2007
Hi Custard, (never did get in touch did I)

Yeah, I discovered that using " around the input instead of ' caused headaches. Got that done okay - never realised it before.

The use of typing " in an input type=text was causing the problem and messing stuff up. Then I thought, just how many times would a " be used in normal forms. Names don't, only people who live in cottages with names like "Ivy Cottage", 12 Hill Street - etc. So I turned off "s and when any are found in an input area they get wiped. Only the textareas are allowed to use them.

It's on flat-files so SQL's not an issue, but I'll keep that in mind for such.

many thanks - Ted
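
Added example, not part of the original thread or any poster's code: a value that contains the same quote character that delimits an HTML attribute ends the attribute early, which matches the "O'Hara would become O" symptom, and entity-encoding the value on output lets both ' and " survive without stripping them. The field name f01 is taken from the thread; escape_attr, browser_reads and the sample values are hypothetical names and constructed data, and browser_reads is only a rough stand-in for how a browser reads the attribute.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Encode the characters that are special inside an HTML attribute value.
# & goes first so the entities added afterwards are not encoded twice.
sub escape_attr {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Rough stand-in for a browser (an assumption for this demo, not a full HTML
# parser): take value= up to the next copy of its opening quote, then decode.
sub browser_reads {
    my ($tag) = @_;
    my ($quote, $raw) = $tag =~ /value=(["'])(.*?)\1/ or return;
    my %char = ('&amp;' => '&', '&lt;' => '<', '&gt;' => '>',
                '&quot;' => '"', '&#39;' => "'");
    $raw =~ s/(&amp;|&lt;|&gt;|&quot;|&#39;)/$char{$1}/g;
    return $raw;
}

# Constructed sample values, as they might be read back from the flat file.
my @samples = ("O'Hara", '"Ivy Cottage", 12 Hill Street', q{D'arcy & "Co"});

for my $stored (@samples) {
    my $single = sprintf "<input type='text' name='f01' value='%s'>", $stored;
    my $double = sprintf '<input type="text" name="f01" value="%s">', $stored;
    my $safe   = sprintf '<input type="text" name="f01" value="%s">',
                         escape_attr($stored);

    print  "stored value         : $stored\n";
    printf "raw in value='...'   : %s\n", browser_reads($single);
    printf "raw in value=\"...\"   : %s\n", browser_reads($double);
    printf "escaped in value=\"\" : %s\n", browser_reads($safe);
    print  "emitted tag          : $safe\n\n";

    # The escaped form must hand back exactly what was stored.
    die "round trip failed for $stored\n" unless browser_reads($safe) eq $stored;
}
```

The browser decodes the entities before submitting the form, so the script receives the original characters back; whatever quoting the flat file's own field delimiter needs is a separate step.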




This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference.

© WELL HOUSE CONSULTANTS LTD., 2014: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 899360 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho