On Tue, Dec 17, 2002 at 09:11:22AM -0500, Chris Faust wrote:
> Hello All,
>
> This may not be a DBI problem, but I haven't been able to turn up any
> good info so I'm giving the list a shot..
>
> The problem is with double quotes, in short I have a HTML form text box to
> take a user inputted description which gets saved into a MySQL table into
> the following field.
>
> The problem is if a user uses double quotes within that description then
> everything from the first double quote until the end is wiped out
> (everything else is inserted or updated)..
>
> I am using placeholders and I thought that this was the exact reason to use
> them (so there are no quoting issues), for example

I would guess that you are passing the values through hidden fields in another HTML page before inserting them into the database, and failing to escape the values there. The behavior you describe would not come from using placeholders in DBI.

You can escape the values for HTML with ampersands, e.g.:

    s/&/&amp;/g; s/"/&quot;/g; s/</&lt;/g; s/>/&gt;/g;

If you use the CGI module to produce the HTML, it will handle this escaping for you.

Ronald
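The hidden-field truncation described in the reply above, as an added Perl example that is not part of the original thread: it compares the value a browser would submit from an unescaped and an escaped hidden field. The helper names `hidden_field` and `browser_value` and the sample description are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape the four characters that matter inside HTML text and attribute values.
# The ampersand goes first, or the entities added afterwards get re-escaped.
sub escape_html {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    return $text;
}

# Hypothetical helper: build a hidden field that carries a value to the next page.
sub hidden_field {
    my ($name, $value, $escape) = @_;
    $value = escape_html($value) if $escape;
    return qq{<input type="hidden" name="$name" value="$value">};
}

# Rough stand-in for a browser: the attribute value ends at the next double
# quote, then entities are decoded (&amp; last, so "&amp;quot;" stays literal).
sub browser_value {
    my ($html) = @_;
    my ($raw) = $html =~ /value="([^"]*)"/;
    $raw =~ s/&quot;/"/g;
    $raw =~ s/&lt;/</g;
    $raw =~ s/&gt;/>/g;
    $raw =~ s/&amp;/&/g;
    return $raw;
}

# Constructed sample input, not taken from the original message.
my $description = 'A 17" monitor & stand <new>';

for my $escape (0, 1) {
    my $html = hidden_field('description', $description, $escape);
    my $got  = browser_value($html);
    printf "%-8s %s\n", ($escape ? 'escaped' : 'raw'), $html;
    printf "%-8s submitted value: [%s] %s\n\n", '',
        $got, ($got eq $description ? 'intact' : 'TRUNCATED');
}
```

The raw field submits only the text before the first double quote, so the shortened value is what later reaches the placeholder and is stored exactly as received.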
