note
coolmichael
I am thrilled to have so many comments. Thank you dkubb.<p>
I've got taint checking on now, and I use <code>$q=CGI->new</code>. Eventually, I want to write a function that dies gracefully, printing an error to the web browser before it dies. I don't think I want to use <code>CGI::Carp "fatalsToBrowser"</code> as that gives too much information to the nasty people that might be using the stuff. I've changed the sql statement and untainted $criteria, so it has to be only letters and numbers. It was a bit of a pain getting the place holder to work, but eventually...<P>I don't take such a long critique personally. I'm quite happy to recieve positive and constructive comments. Thank you again.<p>
Unfortunatly, now that it's working so well, I've discovered a bug and need some help. The data is comming from a [paradox database]. Paradox is able to export it to CSV but isn't smart enough to escape the quote in the titles. I've been looking for a regex on the monastery to add escapes, but haven't found one yet. Do you have any suggestions?<P>
67704
67758