in reply to Double Quotes in form hidden field values

See HTML 4.01 section 3.2.2 Attributes:

By default, SGML requires that all attribute values be delimited using either double quotation marks (ASCII decimal 34) or single quotation marks (ASCII decimal 39). Single quote marks can be included within the attribute value when the value is delimited by double quote marks, and vice versa. Authors may also use numeric character references to represent double quotes (&#34;) and single quotes (&#39;). For double quotes authors can also use the character entity reference &quot;.

You don't actually need to think about this though; a module such as HTML::Entities will convert strings to use HTML-safe characters for you. As a rule of thumb, just run every bit of data through it before stuffing it into your template.

Re^2: Double Quotes in form hidden field values
by pickledegg (Novice) on Jun 15, 2006 at 13:34 UTC
    Turns out it wasn't Perl related. It's just that I wasn't sure which category it fell into until I'd found a solution. :)

    I just use single quotes to delimit the attribute. Thanks.
      I just use single quotes to delimit the attribute.
      ... which works until someone has a single-quote in the value. Or both a single and double quote. Or an ampersand.

      No, the proper thing here is to learn to escape properly. Other solutions have already been given in this thread. Pay attention to them.

      -- Randal L. Schwartz, Perl hacker
      Be sure to read my standard disclaimer if this is a reply.
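
The failure cases named in the reply above, run through a single-quoted template and through HTML::Entities, as an added example that is not part of the original thread. The sample values, the field name `token` and the helper names `hidden_naive`, `hidden_escaped` and `parsed_value` are constructed for illustration, and `parsed_value` is only a rough stand-in for a browser's attribute parsing.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities qw(encode_entities decode_entities);

# Constructed sample values covering the cases named in the thread.
my @samples = (
    q{say "hi"},
    q{it's},
    q{both ' and "},
    q{a&b &quot; literal},
);

# Naive: pick a delimiter and hope the value never contains it.
sub hidden_naive {
    my ($name, $value) = @_;
    return "<input type='hidden' name='$name' value='$value'>";
}

# Escaped: &, <, >, " and ' all become entities, so neither delimiter can be
# closed early and a literal "&quot;" in the data survives.
sub hidden_escaped {
    my ($name, $value) = @_;
    return sprintf '<input type="hidden" name="%s" value="%s">',
        encode_entities($name), encode_entities($value);
}

# Rough stand-in for an HTML parser: read the value attribute up to the
# matching delimiter, then decode entities.
sub parsed_value {
    my ($html) = @_;
    my ($quote, $raw) = $html =~ /\bvalue=(["'])(.*?)\1/s or return;
    return decode_entities($raw);
}

my %builders = (naive => \&hidden_naive, escaped => \&hidden_escaped);
for my $value (@samples) {
    for my $how (qw(naive escaped)) {
        my $html = $builders{$how}->('token', $value);
        my $seen = parsed_value($html);
        my $ok   = defined $seen && $seen eq $value;
        printf "%-8s %-22s %s\n", $how, "[$value]",
            $ok ? 'round-trips' : "MANGLED -> [" . ($seen // '') . "]";
        print "         $html\n";
    }
}
```

The single-quoted template only survives the value that contains double quotes alone; the escaped builder returns every sample unchanged, including the one that already contains a literal `&quot;`.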