Simple [not for me] Single Quote Substitution

Status
Not open for further replies.

SPrelewicz

Programmer
Jul 16, 2001
124
US
I pull some HTML from a MySQL DB to put into a text field. The problem is if there is a single quote it thinks it's the end of the value attribute for the text field.

So, in my script I want to somehow replace the ' with the ASCII character, but that is goofy too with its perl-ism.

Here's what I have, not working

$data_in=~ s/'/\&#39\;/;

Thanks in advance for help.

Scott
 
"Not working" is a big statement. Are there any error messages or warnings? And what exactly isn't happening as it should be? It seems to work fine for me using this snippet.
Code:
#!/usr/bin/perl
use strict;
use warnings;

my $data_in = qq|'lol'|;
$data_in =~ s/'/\&#39\;/g;
print $data_in, "\n";
Note the /g modifier behind the regex. Maybe your problem was that not all quotes were replaced?


----

In need of programming book recommendations.
 
You shouldn't have to handle any of this type of escaping by yourself. Learn how to use placeholders and prepared statements - seriously. You just need to pass the data to the database driver and it handles all the relevant escaping for you and reduces your vulnerability to SQL Injection Attacks (if you don't know what they are, google it - they're something every web developer should be aware of).

There's a quick summary of using placeholders here.
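
The substitution from this thread, generalised as an added example (not code from any poster here): it escapes every character that can end or alter a quoted attribute value, not only the single quote, in one pass. The function name `escape_attr`, the field name `body` and the sample rows are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Characters that can end or change the meaning of a quoted HTML
# attribute value, mapped to their entity forms.
my %ENTITY = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
);

# escape_attr (hypothetical helper): make a string safe to place inside
# a quoted attribute. One pass over a character class means the '&'
# written by one replacement is never escaped again by a later one,
# which is what happens when separate s/// statements run in the
# wrong order.
sub escape_attr {
    my ($text) = @_;
    return '' unless defined $text;    # a NULL column arrives as undef
    $text =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $text;
}

# Constructed sample values standing in for rows read from the database.
my @rows = (
    q{it's a test},
    q{<b>bold</b> & "quoted"},
    q{already &#39;escaped&#39; once},
    undef,
);

# The field is written with single-quoted attributes, as in the
# original question, so an unescaped ' would close the value early.
for my $value (@rows) {
    printf "<input type='text' name='body' value='%s'>\n",
        escape_attr($value);
}
```

Placeholders cover values going into the SQL statement; text coming out of the database and into HTML still needs output escaping like this at the point where the page is built.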
 