punch_card_don has asked for the wisdom of the Perl Monks concerning the following question:
I have your classic MySQL DB of user-profile info and a web-based html form for input. In my Perl middleware, I'm trying to use HTML::Entities to encode any and all non-alphanumeric characters plus all non-English characters in the user input before building the SQL.
Works OK, except for the "any and all non-alphanumeric characters plus all non-English characters" part. Tried the default

    $encoded_input = encode_entities($input);

but, as it says in the documentation
This routine replaces unsafe characters in $string with their entity representation. .... The default set of characters to encode are control chars, high-bit chars, and the <, &, >, ' and " characters.
and that doesn't seem to include a whole bunch of non-alphnum characters like :, ;, , , ^, (, ) and a few more.
So I read:
A second argument can be given to specify which characters to consider unsafe (i.e., which to escape). ... this, for example, would encode just the <, &, >, and " characters:

    $encoded = encode_entities($input, '<>&"');

OK, but I don't want to have to generate a list of every non-English character plus all the non-alphanumerics - I might as well make my own regex if I have to do that.
So next I tried this, from the example:

    encode_entities($string, "\200-\377");

But that leaves a whole bunch of non-alphanumeric chars as well. So, what the heck, just enlarge the range, right?

    encode_entities($a, "\1-\500");

converts every single character, alphanumeric and all. But maybe I'm getting closer...
Will appreciate pointers to get me there.
Thanks.
Forget that fear of gravity,
Get a little savagery in your life.
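
An added example, not part of the original post or its replies: HTML::Entities places the second argument inside a regex character class, so a leading `^` negates the set and the three attempts from the question can be compared against it. The input string is constructed, and the helper name `encode_non_alnum` and the label strings are illustrative.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities qw(encode_entities decode_entities);

# Constructed sample input: quote, punctuation, an accented char, markup.
my $input = "O'Neil; caf\x{e9} (50%) <b>x^2</b>: ok";

# The "unsafe" set uses regex character-class syntax, so '^A-Za-z0-9'
# means "every character that is NOT an ASCII letter or digit".
sub encode_non_alnum {
    my ($text) = @_;
    return encode_entities($text, '^A-Za-z0-9');
}

# The character sets tried in the question, plus the negated class.
my @sets = (
    [ 'default',         undef         ],
    [ '"\200-\377"',     "\200-\377"   ],  # octal: chr(128)..chr(255) only
    [ '"\1-\500"',       "\1-\500"     ],  # octal: chr(1)..chr(320), so it
                                           # also covers A-Z, a-z and 0-9
    [ q{'^A-Za-z0-9'},   '^A-Za-z0-9'  ],
);

for my $set (@sets) {
    my ($label, $unsafe) = @$set;
    # Called in non-void context, encode_entities returns a new string
    # and leaves $input unmodified.
    my $out = defined $unsafe
        ? encode_entities($input, $unsafe)
        : encode_entities($input);
    printf "%-14s %s\n", $label, $out;
}

# The encoding is reversible: decoding restores the original text.
my $encoded = encode_non_alnum($input);
die "round trip failed\n" unless decode_entities($encoded) eq $input;

# Entity encoding only makes text safe to place in HTML. Values that go
# into SQL are passed through DBI placeholders (prepare/execute with ?),
# which is a separate step not shown here.
```

Characters without a named entity, such as the space and `;`, come out as hexadecimal numeric references like `&#x20;`.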
Replies are listed 'Best First'.
Re: HTML::Entities - encode all non-alphanumeric and foreign chars?
by Sidhekin (Priest) on Sep 23, 2007 at 19:28 UTC
by punch_card_don (Curate) on Sep 23, 2007 at 20:03 UTC
by Sidhekin (Priest) on Sep 23, 2007 at 20:15 UTC
by punch_card_don (Curate) on Sep 23, 2007 at 20:33 UTC