Training, Open Source computer languages

This is page http://www.wellho.net/forum/Perl-Programming/Apostrophes.html

Our email: info@wellho.net • Phone: 01144 1225 708225

 
For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
Apostrophes

Posted by TedH (TedH), 11 January 2007
Hi guys, has anyone ever run across a problem with apostrophes in names or words?

Like O'Hara, D'arcy, don't, haven't etc?

It only seems to happen in form input tags. Textareas are okay.

I'm seeing it okay in prints and reads, but if I pass a field to an edit form the problem happens.

O'Hara would become O

Tried entity replacement to no avail. It's like the parser is losing it.

Standard text files etc., are not affected, only flat-file databases (maybe other db's too).

any ideas - Ted

Posted by TedH (TedH), 11 January 2007
Sorry Graham, I just realised we covered somethng like this before  . I'll go thru that again.

I'm doing the database differently this time so it may or may not work with it.

cheers - Ted

Posted by TedH (TedH), 11 January 2007
Well, got that sorted - and it wasn't what I thought it was.

The whole problem boiled down to the use of single/double quotes inside the HTML in the perl script and how I used them.
Code:
value="$input{"f01"}"

had been
Code:
value="$input{'f01'}"


Once I put doubles inside the input brackets, I got a correct reading.

Still think it's odd  but it works - Ted


Posted by admin (Graham Ellis), 11 January 2007
Ted, you may now have problems if someone enters a double quote ... best to test it?   Have a look at the quotemeta function

Posted by TedH (TedH), 11 January 2007
Hi Graham, Yes double quotes fail.

I'll have a look at the quotemeta function.

Not sure though how many times a " would be used in a word  that would go into an input box - never thought about it before. Hmmm.

Textareas would handle that okay with the usual replacement.

I'm just slapping together a quick generic ffdb manager 'cuz I'm fed up doing it all by hand thought it'd be nice to have something that I could just copy/paste or cut out a few subs and reuse stuff. (it's a rainy day thing  )

Posted by Custard (Custard), 17 February 2007
Hi Ted,

You should probably have something like

Code:
my $value=$input{'f01'};


In perl you don't need double quotes around a variable to get its value, in fact it is one of the "don't do's".

Also, I tried the following...
Code:
my %input=( 'f01' => 'hello "dolly"' );

my $value="$input{'f01'}";
print "\n\n".$value."\n";

And got..
Code:
jamesb@eschaton ~/src/perl $ ./test

hello "dolly"

So your quoting problem is not here.  It is most likely you have a problem with passing 'tainted' data directly to your database (Via SQL?).
Maybe you have a line like..
Code:
$dbh->execute( "insert into Blah values( $value )" );

In which case you definitely need to do some work on $value to avoid SQL injections as well as the problems you mentioned.

Of course, if you are not using SQL then some other rules may apply such as quoting commas in CSV files etc..

HTH

B


Posted by TedH (TedH), 17 February 2007
Hi Custard, (never did get in touch did I)

Yeah, I discovered that using " around the input instead of ' caused headaches. Got that done okay - never realised it before.

The use of typing " in an input type=text was causing the problem and messing stuff up. then I thought, just how many times would a " be used in normal forms. Names don't, only people who live in cottages with names like "Ivy Cottage", 12 Hill Street - etc. So I turned off "s and when any are found in an input area they get wiped. Only the textareas are allowed to use them.

It's on flat-files so SQL's not an issue, but I'll keep that in mind for such.

many thanks - Ted




This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.

© WELL HOUSE CONSULTANTS LTD., 2024: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho