Re: Escaping then un-escaping an apostrophe

You'll have way fewer problems if you were to think a bit more abstractly. The things you really want to do are:

Convert text pairs into a URL query.
Convert text into a JS string literal.
Convert text into an HTML attribute.
Convert text into an SQL string literal.

So make a function for each of them!

sub build_url {
   my $url = URI->new(shift(@_));
   $url->query_form(@_);
   return $url;
}

sub text_to_js_lit {
   my $s = $_[0];
   $s =~ s/\\/\\\\/g;
   $s =~ s/'/\''/g;
   return "'$s'";
}

sub text_to_html_val {
   my $s = $_[0];
   $s =~ s/&/&amp;/g;
   $s =~ s/</&lt;/g;
   $s =~ s/"/&quote;/g;
   return qq{"$s"};
}
[download]

my $url = build_url('/cgi-bin/script.pl',
   favadd   => 'yes',
   num      => '6210',
   favtitle => "jones's title",
   favlink  => '6210.html',
);

my $js_url = 'javascript:popUp(' . text_to_js_lit($url) . ')';

print('<a href=' . text_to_html_val($js_url) . '>');
[download]

As for converting text into an SQL string literal, the function already exists as $dbh->quote(). That said, you'd be better off using placeholders as previously mentioned.

Comment on Re: Escaping then un-escaping an apostrophe Select or Download Code