pickledegg has asked for the wisdom of the Perl Monks concerning the following question:

I am suffering from what I assume is a common problem, however I am struggling to find a solution so I thought I would ask here:
My form has a hidden field (generated by perl): <input type="hidden" name="item" value="$item_name">

The problem is that the variable string contains sizes, such as 5/8" (5 eighths of an inch) and so on.
So, when generated the hidden field looks like this:

<input type="hidden" name="item" value="BGUS2-108 O.D Tube:5/8" MF Solder Connection:1/2"">

This obviously screws up my HTML input field, and the value is construed as: BGUS2-108 O.D Tube:5/8
What's the best way to sort this out?

Thank you.

2006-06-16 Retitled by planetscape, as per Monastery guidelines

Original title: 'Double Quotes in form hidden field values'

2006-06-17 Retitled by g0n, as per Monastery guidelines
Original title: '(OT) Double Quotes in form hidden field values'

Re: Double Quotes in form hidden field values
by dorward (Curate) on Jun 15, 2006 at 13:18 UTC

    See HTML 4.01 section 3.2.2 Attributes:

    By default, SGML requires that all attribute values be delimited using either double quotation marks (ASCII decimal 34) or single quotation marks (ASCII decimal 39). Single quote marks can be included within the attribute value when the value is delimited by double quote marks, and vice versa. Authors may also use numeric character references to represent double quotes (&#34;) and single quotes (&#39;). For double quotes authors can also use the character entity reference &quot;.

    You don't actually need to think about this though, a module such as HTML::Entities will convert strings to use HTML safe characters for you. As a rule of thumb, just run every bit of data through it before stuffing it into your template.

      Turns out it wasn't Perl related. It's just that I wasn't sure which category it fell into until I'd found a solution. :)

      I just use single quotes to delimit the attribute. Thanks.
        I just use single quotes to delimit the attribute.
        ... which works until someone has a single-quote in the value. Or both a single and double quote. Or an ampersand.

        No, the proper thing here is to learn to escape properly. Other solutions have already been given in this thread. Pay attention to them.

        -- Randal L. Schwartz, Perl hacker
        Be sure to read my standard disclaimer if this is a reply.

Re: Double Quotes in form hidden field values
by Asim (Hermit) on Jun 15, 2006 at 13:23 UTC

    You need to encode your values with HTML-safe entities, thus the module HTML::Entities would do the trick:

        use HTML::Entities;
        my $item_name = q{BGUS2-108 O.D Tube:5/8" MF Solder Connection:1/2"};
        my $encoded_item_name = encode_entities($item_name);

    And then you'd send $encoded_item_name to the HTML form, and use decode_entities on the returned value.

    Does this help?

    ----Asim, known to some as Woodrow.

      You wouldn't use decode_entities - the data submitted by the browser is not HTML encoded. The only encoding going on is likely to be URL encoding which CGI.pm / Apache::Request / etc deal with automatically.

        Crap! Point taken. Thanks!

        ----Asim, known to some as Woodrow.
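
Added example (not part of the original thread and not any poster's code): a Perl script that renders the question's value, plus the single-quote, mixed-quote and ampersand cases raised in the replies, in three ways and checks what a browser would read back from each. The sample values and the helpers hidden_field and browser_sees are assumptions made for illustration; browser_sees is a simplified stand-in for real HTML attribute parsing.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities qw(encode_entities decode_entities);

# Constructed sample values: the one from the question, then the cases
# named in the replies (single quote, both quote types, ampersand).
my @items = (
    q{BGUS2-108 O.D Tube:5/8" MF Solder Connection:1/2"},
    q{Tube 5' long},
    q{Tube 5' x 5/8" OD},
    q{Tube &frac12; inch},    # literal ampersand text, not meant as an entity
);

# Hypothetical helper: emit the hidden field with name and value escaped.
sub hidden_field {
    my ($name, $value) = @_;
    return sprintf '<input type="hidden" name="%s" value="%s">',
        encode_entities($name), encode_entities($value);
}

# Simplified stand-in for the browser's attribute parsing: read up to the
# matching delimiter, then resolve entities. This is the only place the
# value is decoded; the server receives the result as ordinary form data.
sub browser_sees {
    my ($html) = @_;
    my (undef, $raw) = $html =~ /\bvalue=(["'])(.*?)\1/;
    return decode_entities($raw);
}

for my $item (@items) {
    my %markup = (
        'double quotes, unescaped' => qq{<input type="hidden" name="item" value="$item">},
        'single quotes, unescaped' => qq{<input type="hidden" name="item" value='$item'>},
        'encode_entities'          => hidden_field(item => $item),
    );
    print "value: $item\n";
    for my $how (sort keys %markup) {
        # The field is correct only if the browser reads back the exact string.
        my $ok = browser_sees($markup{$how}) eq $item;
        printf "  %-25s %s\n", $how, $ok ? 'intact' : 'CHANGED';
    }
}
```

Only the encode_entities rendering reports "intact" for all four values; each unescaped variant fails on at least one of them.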

Re: Double Quotes in form hidden field values
by gellyfish (Monsignor) on Jun 15, 2006 at 13:16 UTC

    Not really a perl question this, you need to use the HTML entity '&quot;'

    /J\

Re: Double Quotes in form hidden field values
by pickledegg (Novice) on Jul 13, 2006 at 10:27 UTC

    Thank you, HTML::Entities is the sensible option.

    I would assume that this module is used by pretty much most perl programmers who develop for the web, as it seems like a necessity in most web database applications.

    Funny, my boss doesn't feel the same way, as after 6 years he has never used it. I find that quite concerning.

Re: Double Quotes in form hidden field values
by leocharre (Priest) on Jun 15, 2006 at 16:09 UTC

    What was generating your page header, your output? The encoding of the page should be in the header, no matter what you're doing, perl, html, php, whatever.