You're letting un-Taint-checked data into your database, though it should be correctly quoted. I hope you trust your users.

Your original problem statement is:

"Well I'm having a problem if a user fills out one of my forms and puts something in quotes, and when that gets printed from the database everything beyond the quotes is wiped out; they don't even show up in text fields."

Let's break this down. From what you've shown, quotes in a field should get correctly quoted on insert to the database. Have you verified that data is truncated once it's in the database? Assuming that the corrupted data is from the "description" field, what does SELECT description FROM items WHERE itemid=? show, when you plug in the right itemid?

If it's correct in the database, then you've narrowed the search, and we can then start examining the path data takes on the way back from the database. E.g., if you're putting data that contains quotes into HTML edit controls, you'll need to entity-escape the data.

And please post your responses under the correct node. It makes the discussion easier to follow.


In reply to Re: Re: Quotes In CGI by dws
in thread Quotes In CGI by andrew
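The round trip described in the reply above (insert with a placeholder, read it back with SELECT description FROM items WHERE itemid=? to check the stored value, then entity-escape before the value goes back into an edit control), as an added Perl example that is not code from this thread. It assumes DBD::SQLite is installed and constructs an items table matching the SELECT in the post.

```perl
use strict;
use warnings;
use DBI;

# Added example, not code from the thread. DBD::SQLite is assumed; the
# items/description schema is constructed to match the post's SELECT.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE items (itemid INTEGER PRIMARY KEY, description TEXT)");

# Constructed user input with both kinds of quote and an angle bracket.
my $user_input = q{He said "hi" and it's <b>bold</b>};

# Step 1: placeholders let DBI quote the value; nothing is interpolated
# into the SQL string, so quotes in the input cannot change the statement.
$dbh->do("INSERT INTO items (itemid, description) VALUES (?, ?)",
    undef, 1, $user_input);

# Step 2: read it back exactly as the post suggests and confirm nothing was
# lost on the way in. If this dies, the problem is before or at the INSERT.
my ($stored) = $dbh->selectrow_array(
    "SELECT description FROM items WHERE itemid=?", undef, 1);
die "truncated in the database\n" unless $stored eq $user_input;

# Step 3: escape on the way out. Without this, the first " inside value=""
# ends the attribute and the browser silently drops the rest of the text,
# which is the symptom described in the thread.
sub html_attr_escape {
    my $s = shift;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

my $attr = html_attr_escape($stored);
print qq{<input type="text" name="description" value="$attr">\n};
```

HTML::Entities' encode_entities does the same job as html_attr_escape if you already have it installed.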
