Are you encoding the form fields? Try using something like this:

use HTML::Entities;

my $name = encode_entities($_[3]);
my $email = encode_entities($_[1]);
my $comment = encode_entities($_[5]);

If this doesn't take care of the ' (I think it will...), you can add it
and any other characters as a "bad character".

# \x27 (decimal 39) should be the ' and \x3B (decimal 59) the ;
my $name = encode_entities($_[3], "\x27\x3B");

Scott wrote:
> 
> I have a web form that we use to submit comments to a database, however
> some characters will make the insert fail. For instance usage of ' or ;.
> Below is the snippet that handles this, perhaps I could be corrected in the
> errors of my ways.
> 
> Everything in the DB is varchar except for the comments which is a blob.
> 
> Thanks, Scott
> 
> Page that handles the input:
> ------------------------------
> <%perl>
>  if (@_) {
>   if ((!$_[1]) or (!$_[3])) {
>    print "ERROR: You missed some required information...<br><br>
>          You will be returned shortly";
>   } else {
>    print "Thank you for your submission,<br><br>
>          You will be auto-redirected in 5 seconds...";
>    my $ip = $r->get_remote_host;
>    my $ua = $r->header_in('User-Agent');
>    my $ref = $r->header_in('referer');
> 
>    use Net::SMTP;
>    use DBI;
> 
>    my $dsn = 'DBI:mysql:xxxxxx:localhost';
>    my $dbuser = 'xxxxx';
>    my $dbpass = 'xxxxxx';
>    my $dbh = DBI->connect($dsn, $dbuser, $dbpass);
> 
>    my $name = $_[3];
>    my $email = $_[1];
>    my $comment = $_[5];
>    $dbh->do("insert into email
>         (name, email, comments, host, agent) values
>         ('$name', '$email', '$comment', '$ip', '$ua')");
> 
>    my $subject = "xxxxxxxx.net Email Form...";
>    my $smtp = Net::SMTP->new("xxxx.xxxxx.net");
>    my $addr = "[EMAIL PROTECTED]";
> 
>    $smtp->mail($email);
>    $smtp->to($addr);
>    $smtp->data();
>    $smtp->datasend("Subject: $subject \n");
>    $smtp->datasend("\n");
>    $smtp->datasend("Name: $name\n\n");
>    $smtp->datasend("Comment:\n$comment");
>    $smtp->dataend();
>    $smtp->quit();
>    close($smtp)
>   }
>  }
> </%perl>
> 
> ---------------------------
> Section with form:
> ---------------------------
> } elsif ($source eq "contact") {
>   print "<center><br><table width='70%'><tr><td>";
>   print "<form NAME='CONTACT' action='email.ml'>";
>   print "Name: <input type='text' name='name'
>          size='50'><font color=red>*</font><br>";
>   print "Email: <input type='text' name='email'
>          size='50'><font color=red>*</font><br>";
>   print "<textarea name='comments' COLS=80 ROWS=25></textarea><br>";
>   print "<input type='submit' value='Submit Email'>";
>   print "</td></tr></table></center>";
> 
> ---------------------------
> 

-- 
Doug Dawson
Application Developer
Physicians Mutual Insurance Company
(402) 930-2432

There are 10 types of people in the world. Those who understand binary
and those who don't.
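
An added example, not code from either poster: the insert from the question fails because the form values are interpolated into the SQL string, and DBI placeholders pass them as data instead, with entity encoding left for the point where a value is written into HTML. It assumes an in-memory SQLite database (DBD::SQLite) in place of the MySQL one so that it runs offline, and all form values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use HTML::Entities;

# Assumption: in-memory SQLite stands in for the MySQL database in the thread;
# prepare/execute with placeholders is used the same way with DBD::mysql.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('create table email
          (name text, email text, comments blob, host text, agent text)');

# Constructed form input containing the characters that broke the insert.
my ($name, $email, $comment) =
    ("Pat O'Neil", 'pat@example.com', "It's broken; see <b>this</b>");
my ($ip, $ua) = ('192.0.2.10', "ExampleBrowser/1.0 (it's a test)");

# Interpolated form, as in the question: the ' inside the data ends the
# SQL string literal early, so the statement no longer parses.
my $ok = eval {
    $dbh->do("insert into email (name, email, comments, host, agent) values
              ('$name', '$email', '$comment', '$ip', '$ua')");
    1;
};
print "interpolated insert: ", ($ok ? "succeeded" : "failed: $@"), "\n";

# Placeholder form: the driver sends the values separately from the SQL text,
# so quotes and semicolons in them are stored as ordinary characters.
my $sth = $dbh->prepare('insert into email (name, email, comments, host, agent)
                         values (?, ?, ?, ?, ?)');
$sth->execute($name, $email, $comment, $ip, $ua);

my ($stored) = $dbh->selectrow_array(
    'select comments from email where name = ?', undef, $name);
print "stored unchanged: ", ($stored eq $comment ? "yes" : "no"), "\n";

# Entity-encode only when the value is placed into an HTML page.
print "for HTML output: ", encode_entities($stored), "\n";

$dbh->disconnect;
```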


