Here's my deal:

I've got a guestbook program up and running (mostly) that requires for part of it's operation that a text field that was initially entered into an HTML form be passed through my CGI script and back into a hidden text field generated by the same CGI script. It's working fine until someone uses a double quote in the first text box and then it acts up. I could solve it by filtering out the double quotes (tr/"/'/ but then I'd be changing what they wrote, and with nested quotes in some paragraphs that would be unfavorable.

here's what I have as far as code snippets so far:
Quote:

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); @pairs = split(/&/, $buffer); foreach $pair (@pairs) {      ($name, $value) = split(/=/, $pair);      $value =~ tr/+/ /;      $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;      $value =~ s/<!--(.|\n)*-->//g;      $value =~ s/<([^>]|\n)*>//g;      #$value =~ tr/"/'/;      $INPUT{$name} = $value; }

That's my header complete with commented out quote filter.

Quote:

<input type="hidden" name="message" value="$INPUT{'message'} "><br />\n

and that is where it prints into the hidden text field... any ideas? Need more info? I'll b checking back frequently...

Forrest Cook

Try:

$input{message} =~ s/"/"/g;

It looks like your problem is a double quote within the double quoted string in the HTML. Replace the double quotes with the " code and it should be fine.

wow.... I was trying to solve it in a much more complicated way. Thanks for the obvious answer that I would never have thought of!

---