in reply to Re: Escaping %params
in thread Escaping %params

Thank you... Interestingly, when I use this code:
    use warnings;
    use strict;
    use CGI;
    use Data::Dumper;

    print "Content-type: text/html\n\n";
    my $cgi = CGI->new();
    my %params = map { $_ => $cgi->param($_) || '' } $cgi->param;
    print Dumper \%params;

The output when I pass test.pl?a=\'b is:

    $VAR1 = {
              'a' => '\\\'b'
            };
... so it looks like something in the stack is already taking care of the escaping for me. Am I worrying about nothing?

Re^3: Escaping %params
by tangent (Parson) on Jan 21, 2014 at 01:48 UTC
    Data::Dumper is doing that - try this:
    for my $param (keys %params) { print "$param: $params{$param}<br>" }
Re^3: Escaping %params (perl-escaping / html-escaping)
by Anonymous Monk on Jan 21, 2014 at 02:46 UTC

    Data::Dumper does perl-escaping (defaults have some caveats)

    Data::Dump::pp() does better perl-escaping by default

    Neither ddumper does HTML-escaping

    You can always do  my $cgi = CGI->new; print $cgi->header, $cgi->Dump ; to see what's inside $query

Re^3: Escaping %params
by AnomalousMonk (Archbishop) on Jan 21, 2014 at 23:27 UTC
    s/_/\_/g

    s/_/\_/g does nothing. You probably want  s/_/\\_/g

    >perl -wMstrict -le "$_ = 'a_b__c___'; print qq{before: '$_'}; ;; s/_/\_/g; print qq{after: '$_'}; "
    before: 'a_b__c___'
    after: 'a_b__c___'

    But please allow me to add my voice to the chorus imploring you to Just Use Placeholders!
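
The distinction the replies draw (Perl-escaping for display, HTML-escaping for output, placeholders for SQL), as an added example that is not code from any poster in this thread. The parameter value is constructed, `html_escape` is a hypothetical minimal helper, and the in-memory database assumes DBD::SQLite is installed.

```perl
use strict;
use warnings;
use Data::Dumper;
use DBI;    # assumption: DBD::SQLite is installed (used as an in-memory demo DB)

$Data::Dumper::Terse  = 1;    # print the value without the "$VAR1 =" prefix
$Data::Dumper::Indent = 0;

# Constructed sample: the value CGI hands back for test.pl?a=\'b
my %params = ( a => "\\'b" );

# 1. The raw value is three characters; nothing has been escaped for you.
printf "raw:    %s (length %d)\n", $params{a}, length $params{a};

# 2. Data::Dumper re-quotes it as a Perl string literal, for display only.
printf "dumper: %s\n", Dumper( $params{a} );

# 3. HTML output needs HTML escaping (hypothetical minimal helper).
my %entity = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;' );
sub html_escape {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}
printf "html:   %s\n", html_escape( $params{a} );

# 4. SQL needs placeholders: the driver carries the value separately
#    from the statement text, so no manual escaping is involved.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
                        { RaiseError => 1, PrintError => 0 } );
$dbh->do('CREATE TABLE demo (v TEXT)');
$dbh->do( 'INSERT INTO demo (v) VALUES (?)', undef, $params{a} );
my ($stored) = $dbh->selectrow_array('SELECT v FROM demo');
printf "sql:    %s (%s)\n", $stored,
    $stored eq $params{a} ? 'round trip intact' : 'value changed';
```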