Thanks for this. :)
It works with choroba's snippet and yours.
I tried the escapeHTML function but Perl said that it couldn't find this one. According to the version 3.65 manual escapeHTML is being executed automatically.
My webserver has CGI.pm version 3.42 installed. So my guess is that escapeHTML is a feature that was introduced in a later version.
Re^2: [Perl-CGI] Print non-interpolated string
Thanks, I managed to fix it. The documentation is... let's say not really clear on how to use it.
It says: $escaped_string = escapeHTML("unescaped string");
But for manual use it's $escaped_string = $cgi->escapeHTML("unescaped string"); Unfortunately, this is not mentioned in the documentation, but Google found the syntax for me. This method is not imported by using 'use CGI;'. It's a method on the $cgi object. :)
And you're right: This method is used automatically only for forms created using CGI.pm and not on my self-written HTML code.
CGI has two operating modes: OO and procedural. You have to import the procedural portions to get that syntax.
Also, it's not Perl that's evaluating your code, as to Perl it's just text data until you use something like eval $text. Your browser, on the other hand, feels free to interpret HTML as HTML in an HTML document type. Look into both escaping characters (as you have done), and into additional issues like HTML entities in general and <pre></pre> tags. While you're at it, look into SQL injection and XSS.
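
The two calling styles discussed in this thread, side by side, as an added example that is not part of any poster's message. The parameter name `comment` and its value are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Procedural mode: the function has to be named in the import list.
# A bare 'use CGI;' imports nothing, so a plain escapeHTML() call is undefined.
use CGI qw(escapeHTML);

# Constructed sample input; 'comment' is a hypothetical parameter name.
# Passing a hashref to new() seeds the parameters, so this runs offline.
my $cgi = CGI->new({ comment => '<b>Tom & "Jerry"</b>' });

my $raw = $cgi->param('comment');

# OO mode: call it as a method on the object (works with a bare 'use CGI;').
my $via_method = $cgi->escapeHTML($raw);

# Procedural mode: same routine, no object needed because of the import above.
my $via_function = escapeHTML($raw);

die "the two calling styles disagree\n" unless $via_method eq $via_function;

# Hand-written HTML is not escaped for you; only CGI.pm's own form
# generators do that, so escape the value before interpolating it.
print "Content-Type: text/html; charset=utf-8\n\n";
print "<p>Unescaped (the browser renders the markup): $raw</p>\n";
print "<p>Escaped (the browser shows the literal text): $via_function</p>\n";
```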