Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number

Form Entry to HTML and Plain text

by belize (Deacon)
on Apr 26, 2002 at 16:21 UTC ( #162322=perlquestion: print w/replies, xml ) Need Help??

belize has asked for the wisdom of the Perl Monks concerning the following question:

I have a form that is filled out without regard to special characters. This means that quotation marks, slashes, and many other characters which raise hell with HTML and CGI's will be typed in.

This information will be used both to return a HTML page with another form (including HIDDEN INPUTS where the quotation marks raise problems) and to generate a plain text email. Then the form will be submitted and an HTML page will be generated which requires the quotation marks to appear again.

I have no problem dealing with returns and paragraphs, but was wondering if there is a module that will handle all possible input characters that would cause problems (especially quotation marks) when generating HTML from the input.

Replies are listed 'Best First'.
Re: Form Entry to HTML and Plain text
by Cyrnus (Monk) on Apr 26, 2002 at 17:32 UTC
    When you use the you can make the parameters 'sticky' specifically you would use CGI qw(:form) (I usually use CGI qw(:standard) here is an example of how you would use this:
    #!/usr/bin/perl -w use strict; use CGI qw(:standard); #you can even alter the values of hidden fields based on #the values of other fields if (param('foo') eq 'change') { param('bar','a new value'); } my $txt_textfield=textfield(-name=>'foo', -size=>40); my $txt_hidden=hidden(-name=>'bar', -default=>'I do not want users to see this'); my $cmd_reset=defaults('Reset form'); my $cmd_submit=submit(-name=>'send'); print header( "text/html" ); print start_html( -title => "Sticky values in a form"); print start_form(); #defaults to method get, and action current form print <<FORM; $txt_textfield <br><br> $txt_hidden <br><br> $cmd_submit &nbsp; &nbsp; $cmd_reset FORM print end_form(); print end_html;
    copy the code to your cgi-bin and call it in a browser. When you view source note the value of the hidden field. Type 'change' (without quotes) into the text field, submit it and view source again. Also note that the value of the textfield stayed the same (you can change this behavior by using param('foo','') (those are two single quotes) after testing its value. For more information about CGI::Form you can go here: CPAN's CGI::Form page

Re: Form Entry to HTML and Plain text
by George_Sherston (Vicar) on Apr 26, 2002 at 16:39 UTC
    Would it work if you used a regex to turn any but a list of "safe" characters into escaped hexadecimals - the following, which I have cribbed from the otherwise annoying CGI Programming with Perl, may be what you want:
    $dirty_string =~ s/([^a-zA-Z0-9_.!~() -])/sprintf "%%%02X", ord($1)/ei +;
    You could then translate them back at your leisure.

    George Sherston
Re: Form Entry to HTML and Plain text
by belize (Deacon) on Apr 26, 2002 at 16:32 UTC
    I wish there was a way to modify posts, cause after reading the above, I was even confused.

    Basically, a form is filled, submitted, and another form is returned with the line:

    print "<INPUT TYPE=HIDDEN NAME=\"var_001\" VALUE=\"$INPUT{'var_001'}\" +>\n";
    Now, if $INPUT{'var_001'} contains a quotation mark, the whole returned form is corrupted.

    So, how to cope?

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://162322]
Approved by George_Sherston
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (6)
As of 2021-02-25 00:22 GMT
Find Nodes?
    Voting Booth?

    No recent polls found