in reply to Best way to use escapeHTML

This is what you're attempting to do:

#!/usr/bin/perl --
use strict;
use warnings;
use CGI();
my $q = CGI->new;
print $q->header,
    $q->start_html,
    $q->escapeHTML('<><><><><><>'),
    $q->escapeHTML( $q->param('comments'), ''),
    $q->end_html;
__END__
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
&lt;&gt;&lt;&gt;&lt;&gt;&lt;&gt;&lt;&gt;&lt;&gt;
</body>
</html>
The CGI documentation is large, and the distribution comes with lots of examples; there is even a book on the module.

Re^2: Best way to use escapeHTML
by Anonymous Monk on Aug 08, 2011 at 22:24 UTC
    What about like this:
    use strict;
    use warnings;
    use CGI qw(:standard escapeHTML);
    my $q = CGI->new;
    # escapeHTML() returns undef when the 'comments' param is missing, so default to ''
    my $comments = $q->escapeHTML( $q->param('comments') ) || '';
    print header();
    print "test: $comments";
      Why?
        It could be that if the program is storing the value of:
        my $comments = $q->escapeHTML( $q->param('comments') ) || '';
        into a DB, and if the user is writing something like this string: "That's my option and <script>TEST</script>", the value will be stored in a safe format like:
        "That's my option and <script>TEST</script>".
        That's why I think that is the reason, and why not?
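An added example, not code from any of the posts above, that puts the two points of this thread side by side: what escapeHTML actually does to the "<script>TEST</script>" comment, and where the call belongs if the value is also going into a DB. It assumes the CGI distribution is installed from CPAN (it is no longer core since Perl 5.22); the comment text is constructed, and the %db hash is a stand-in for a database row. The function names store_comment, render_comment and escaped_or_empty are this example's own.

```perl
#!/usr/bin/perl
# Added example (not from the thread): HTML-escape at output time, keep
# the stored value raw. Requires CGI.pm from CPAN.
use strict;
use warnings;
use CGI ();

# Constructed request, standing in for a real POST: the comment text
# discussed above plus quotes and an ampersand, which matter inside
# HTML attributes.
my $q = CGI->new({
    comments => q{That's my option and <script>TEST</script> & "more"},
});

# 1. Store the RAW value. %db (passed in as $row) is a hash standing in
#    for a database row. HTML escaping is output encoding: a DB value
#    escaped for HTML is wrong for every other consumer (JSON, e-mail,
#    plain-text export) and gets double-escaped if anything escapes it
#    again on the way out.
sub store_comment {
    my ($cgi, $row) = @_;
    my $raw = $cgi->param('comments');   # scalar context: one value or undef
    $raw = '' unless defined $raw;
    $row->{comment} = $raw;
    return $raw;
}

# 2. Escape at the point where the value is interpolated into HTML.
#    escapeHTML() turns & < > " into entities, so the result is safe as
#    element content and inside a double-quoted attribute. It is not an
#    encoder for JavaScript strings, URLs or unquoted attributes; those
#    contexts need their own encoding.
sub render_comment {
    my ($cgi, $row) = @_;
    my $safe = $cgi->escapeHTML($row->{comment});
    return qq{<p class="comment">$safe</p>\n}
         . qq{<input type="text" name="comments" value="$safe" />\n};
}

# 3. The idiom from the top post. With 'comments' absent, param() returns
#    an empty list in list context, so the call collapses to
#    escapeHTML('') and yields '' rather than undef (escapeHTML returns
#    undef for an undefined argument). When the param is present, the
#    trailing '' lands in escapeHTML's second slot, the newlinestoo flag.
#    It relies on a single value: with comments=a&comments=b the second
#    value would become that flag instead. Newer CGI.pm versions also
#    warn once about param() being called in list context, for exactly
#    this class of argument-shifting problem; scalar context avoids it.
sub escaped_or_empty {
    my ($cgi) = @_;
    return $cgi->escapeHTML($cgi->param('comments'), '');
}

my %db;
my $raw = store_comment($q, \%db);
print "stored raw: $raw\n";
print "rendered:\n", render_comment($q, \%db);

my $empty = CGI->new({});
my $out = escaped_or_empty($empty);
print "missing param: [", (defined $out ? $out : 'undef'), "]\n";
```

Run it from the command line; the hashref passed to CGI->new keeps CGI.pm from reading parameters from STDIN. The rendered paragraph carries &lt;script&gt;TEST&lt;/script&gt; as inert text, and the same escaped string is safe inside the double-quoted value attribute because the quotes themselves are encoded. With the default ISO-8859-1 charset shown in the top post's output, CGI.pm also turns the apostrophe into &#39;. What sits in %db is still the original comment, which is what you want if the same record is later shown in a non-HTML context.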