> > > > insert into alerts (alrt, ncmp, suno, mess, prty, spst, dnst, crea, cdat)
> > > > values ('$max_alert', '$company','$supplier', '$message',
> > > > '$priority', '2',
> > > > '2', '$userid', SYSDATE)
> > > >
> > > > This works fine unless there is a single quote in the message, which
> > > > obviously is a big problem since I cannot restrict my users to not enter
> > > > quotes into their text message. How can I avoid having this issue?

> Besides it wouldn't actually solve the problem - the ' character is
> passed untouched by HTML::Entities.

what about this one? 

my $max_alert = param("max_alert");
$max_alert =~ s/(['"])/$1$1/g;

my $sth = qq[insert into alerts (alrt, ncmp, suno, mess, prty, spst,
dnst, crea, cdat) values ('$max_alert', '$company', '$supplier',
'$message', '$priority', '2', '2', '$userid', SYSDATE)];

-- 
Andreas Schmitz http://www.medialsoft.de
 _ _  _  _   _     _ _  _ _
| | ||_ | \|| || _| (_)|- |
| | ||_ |_/||-||__

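The thread's underlying problem, a user-supplied value interpolated straight into SQL text, is what DBI placeholders exist for: the statement is compiled with `?` markers and the values travel separately, so a quote in the message is data and never SQL. The script below is an added example, not code from the thread; it uses DBD::SQLite in memory as a stand-in for the original Oracle database (the table layout follows the INSERT in the thread, `CURRENT_TIMESTAMP` replaces `SYSDATE`), and the alert values are constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite stands in for the Oracle database of the original
# post so the script runs offline. The columns are those of the INSERT in
# the thread; CURRENT_TIMESTAMP takes the place of Oracle's SYSDATE.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do(q{
    CREATE TABLE alerts (
        alrt INTEGER, ncmp TEXT, suno TEXT, mess TEXT, prty INTEGER,
        spst INTEGER, dnst INTEGER, crea TEXT, cdat TEXT
    )
});

# Constructed sample input: the message carries the single quote that broke
# the string-interpolated version, plus a quote/comment sequence.
my %p = (
    max_alert => 17,
    company   => 'ACME',
    supplier  => 'S-01',
    message   => "Supplier's invoice is late -- check ';--",
    priority  => 3,
    userid    => 'jdoe',
);

# The statement is prepared once with '?' placeholders. The driver binds the
# values at execute time, so none of them is ever parsed as SQL and no
# hand-rolled s/'/''/g escaping is needed for any column.
my $sth = $dbh->prepare(q{
    INSERT INTO alerts (alrt, ncmp, suno, mess, prty, spst, dnst, crea, cdat)
    VALUES (?, ?, ?, ?, ?, 2, 2, ?, CURRENT_TIMESTAMP)
});
$sth->execute(@p{qw(max_alert company supplier message priority userid)});

# Read the row back: the quote is stored exactly as typed, not doubled.
my ($mess) = $dbh->selectrow_array(
    "SELECT mess FROM alerts WHERE alrt = ?", undef, $p{max_alert});
print "stored message: $mess\n";

# If a value truly has to be spliced into SQL text, $dbh->quote() applies the
# driver's own quoting rules rather than a regex written for one database.
print "driver-quoted literal: ", $dbh->quote($p{message}), "\n";
```

Placeholders also let the database cache the prepared statement, so the loop-free version above is both the safe and the fast form; the `quote()` call at the end is only for the rare case where binding is not possible.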