Re: (OT) TEXTAREA and the Single Quote

Replies are listed 'Best First'.
Re: Re: (OT) TEXTAREA and the Single Quote by jlongino (Parson) on Nov 18, 2001 at 03:20 UTC
BTW, this was written before I found PM, and I knew nothing about CGI.pm. Not that it matters, but I intercept the submit via "onclick=" and not "onsubmit=" as I originally posted. I don't know if this is enough code or not: print << "--eot1--"; <!doctype html public "-//w3c//dtd html 4.0 transitional//en"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-885 +9-1"> <meta name="GENERATOR" content="Mozilla/4.75 [en] (Win98; U) [Netsc +ape]"> <title>USA Fourteenth Faculty Survey, 2001</title> </head> . . . <form name="Survey" method="POST" action="$SubmitURL"> . . . <table border=0 width="100%"> <tr><td><TEXTAREA NAME="xiv" ROWS="6" COLS="55" wrap="soft"></TE +XTAREA></td></tr> <tr><td><input type="button" name="SubmitSurvey" value="Submit S +urvey" onclick="javascript:return SurveySubmit(document.forms[0])"></ +td></tr> </table> . . . </form> --eot1-- . . . function SurveySubmit (form) { var CGI_URL = "http://jaguar1.usouthal.edu/cgi-bin/surveys/facsenat +e/" form.xiv.value = escape(form.xiv.value) form.action = CGI_URL + "writesurvey.pl" form.submit() return true } [download] Update: Added javascript sub SurveySubmit(). Also, in one application there was only one person using the form for input so I told them to be sure and use `´` instead of the single quote and there's no problem (still an unacceptable solution though). --Jim	[reply] [d/l] [select]
Re: Re: (OT) TEXTAREA and the Single Quote by dws (Chancellor) on Nov 18, 2001 at 06:25 UTC
This ~~isn't~~ doesn't appear to be a Perl problem, it's a Javascript problem. Why are you calling `escape`? What happens if you comment that line out?	[reply] [d/l]
Re: Re: Re: (OT) TEXTAREA and the Single Quote by jlongino (Parson) on Nov 18, 2001 at 08:03 UTC
The whole SurveySubmit sub was an attempt to fix the initial problem. It appeared to me at the time that the reason the single quotes were screwing things up was because they weren't being escaped. You could bypass the whole sub but the results would be essentially the same. I assume (maybe erroneously) that double escapement didn't cause any noticeable problems. At least when I unescaped the data in the Perl CGI, I didn't get anything that appeared to be corrupted. Then again, I might have luckily bypassed circumstances that could have led to data corruption. It's ironic that the post was not OT at all. It was poor Perl programming that caused it. It just wasn't obvious at first. --Jim	[reply]