I use PERL and a form with a <text area> and CGI scripts to input text into a MySQL table. The script is something like this:
sub update {
#!/usr/bin/perl -w
use DBI;
my ($dbh, $sth, $AccountID, $Input);
$AccountID="$FORM{'AccountID'}";
$Input="$FROM{'Input'}";
$dbh = DBI->connect('dbi:mysql:membersdb','member','somepasswd') || di
+e "cannot open";
$sql = qq`UPDATE memberinfo SET Input='$Input' WHERE AccountID='$Accou
+ntID'`;
$sth = $dbh->prepare($sql) or die "Cannot prepare: " . $dbh->errstr();
$sth->execute() or die "Cannot execute: " . $sth->errstr();
$sth->finish();
}
The text is input just fine as long as it doesn't contain single or double quotes. I know the quotation marks have to be escaped but have not been able to find a method to do that to a variable, i.e. $Input. Is there a simple way to do that with PERL? If so can someone point me to it or, better yet, provide the code I need in the above example.
Thanks for any assistance!!