I've personally written several (simple and complex) web applications that utilize different programming technologies to accomplish my goals. One of the most reoccuring issues that I run into is handling special characters for different things. For example:

• Passing Special characters to/from URLs to launch a different tool and pass parameters (some specified by a user)
• Escaping special characters in perl code
• formatting special characters for HTML to create pretty tables (etc) that includes user input from previous screens in the application
• subsituting special characters for databases to avoid errors based on users who need/require %, _, ', and " in their input fields

I've realized for some time now that it is cumbersome to handle/convert between these different technologies within the main program. I even use some great perl modules from CPAN.

Generally each technology has its own methods I find.

• URL: using URL Encoding (example)
• Escaping with backslashes or regex
• HTML Formatting: &gt for >, etc.
• Subsituting special character for database storage

  $sth = $dbh->prepare("update rpttemplates set name=?, where rpttemplat
  +es_id ='$input{'id'}'");
  $sth->execute($input{'name'});
  [download]

I know there are some great modules out there to perform the formatting some of these tasks. I was curious on what my fellow monks do to handle all this data and converting it back and forth to perform the tasks typical of web based applications. What are some best practices that you follow?