http://qs321.pair.com?node_id=162322

belize has asked for the wisdom of the Perl Monks concerning the following question:

I have a form that is filled out without regard to special characters. This means that quotation marks, slashes, and many other characters which raise hell with HTML and CGI's will be typed in.

This information will be used both to return a HTML page with another form (including HIDDEN INPUTS where the quotation marks raise problems) and to generate a plain text email. Then the form will be submitted and an HTML page will be generated which requires the quotation marks to appear again.

I have no problem dealing with returns and paragraphs, but was wondering if there is a module that will handle all possible input characters that would cause problems (especially quotation marks) when generating HTML from the input.

Re: Form Entry to HTML and Plain text
by Cyrnus (Monk) on Apr 26, 2002 at 17:32 UTC
    When you use CGI.pm you can make the parameters 'sticky'. Specifically you would use CGI qw(:form) (I usually use CGI qw(:standard)). Here is an example of how you would use this:
    #!/usr/bin/perl -w
    use strict;
    use CGI qw(:standard);

    # you can even alter the values of hidden fields based on
    # the values of other fields
    # (the defined() check avoids an "uninitialized value" warning
    # under -w on the very first request, when 'foo' is not yet set)
    if (defined param('foo') && param('foo') eq 'change') {
        param('bar', 'a new value');
    }

    my $txt_textfield = textfield(-name => 'foo', -size => 40);
    my $txt_hidden    = hidden(-name => 'bar', -default => 'I do not want users to see this');
    my $cmd_reset     = defaults('Reset form');
    my $cmd_submit    = submit(-name => 'send');

    print header("text/html");
    print start_html(-title => "Sticky values in a form");
    print start_form();    # defaults to method get, and action current form
    print <<FORM;
    $txt_textfield
    <br><br>
    $txt_hidden
    <br><br>
    $cmd_submit &nbsp; &nbsp; $cmd_reset
    FORM
    print end_form();
    print end_html;
    Copy the code to your cgi-bin and call it in a browser. When you view source, note the value of the hidden field. Type 'change' (without quotes) into the text field, submit it and view source again. Also note that the value of the textfield stayed the same (you can change this behavior by using param('foo','') (those are two single quotes) after testing its value). For more information about CGI::Form you can go here: CPAN's CGI::Form page

    John
Re: Form Entry to HTML and Plain text
by George_Sherston (Vicar) on Apr 26, 2002 at 16:39 UTC
    Would it work if you used a regex to turn any but a list of "safe" characters into escaped hexadecimals? The following, which I have cribbed from the otherwise annoying CGI Programming with Perl, may be what you want:
    # /g is needed so that every unsafe character is encoded, not only the first one
    $dirty_string =~ s/([^a-zA-Z0-9_.!~() -])/sprintf "%%%02X", ord($1)/eg;
    You could then translate them back at your leisure.

    § George Sherston
Re: Form Entry to HTML and Plain text
by belize (Deacon) on Apr 26, 2002 at 16:32 UTC
    I wish there was a way to modify posts, because after reading the above, I was even confused.

    Basically, a form is filled, submitted, and another form is returned with the line:

    print "<INPUT TYPE=HIDDEN NAME=\"var_001\" VALUE=\"$INPUT{'var_001'}\">\n";
    Now, if $INPUT{'var_001'} contains a quotation mark, the whole returned form is corrupted.

    So, how to cope?
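As an added example (not code from any of the posts above), here is the line belize quoted, run against a constructed input containing quotation marks, an ampersand and angle brackets, next to the same line with the value HTML-escaped. The helper names html_attr_escape and html_attr_unescape are made up for this example; CGI::escapeHTML or HTML::Entities::encode_entities do the same job. The point the example makes is that a browser decodes character entities inside an attribute value before it submits the form, so the script that receives the second form gets the original text back and needs no "translate back" step of its own.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: the kind of value a user types into a free-form
# field without regard to special characters.
my %INPUT = (
    var_001 => q{He said "hello" & typed <b>bold</b> / twice},
);

# The original line, for comparison: raw interpolation into a quoted
# attribute. The first " in the value ends VALUE="..." early and the rest
# of the text is parsed as further (nonsense) attributes of the INPUT tag.
my $broken = qq{<INPUT TYPE=HIDDEN NAME="var_001" VALUE="$INPUT{var_001}">\n};

# Escape the characters that have meaning inside an HTML attribute value.
# & is handled first so the entities added afterwards are not re-escaped.
# (Hypothetical helper written for this example.)
sub html_attr_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# What the browser does when it reads the attribute back: it decodes the
# entities, so the parameter it submits is the original text again.
# (Hypothetical helper, used here only to demonstrate the round trip.)
sub html_attr_unescape {
    my ($s) = @_;
    $s =~ s/&quot;/"/g;
    $s =~ s/&#39;/'/g;
    $s =~ s/&lt;/</g;
    $s =~ s/&gt;/>/g;
    $s =~ s/&amp;/&/g;    # last, mirroring the escape order above
    return $s;
}

my $escaped = html_attr_escape($INPUT{var_001});
my $fixed   = qq{<INPUT TYPE=HIDDEN NAME="var_001" VALUE="$escaped">\n};

print "Broken tag:\n$broken";
print "Escaped tag:\n$fixed";

# Round trip: what comes back from the browser equals what the user typed.
die "round trip failed"
    unless html_attr_unescape($escaped) eq $INPUT{var_001};

# The plain-text email needs none of this: interpolate the raw value.
# Escaping is a property of the output format, not of the data.
my $email_body = "var_001: $INPUT{var_001}\n";
print "Email body:\n$email_body";
```

Two practical notes. First, the slashes belize mentions are harmless inside HTML; only `&`, `<`, `>`, `"` and `'` need attention in an attribute value. Second, if the hidden fields are generated with CGI.pm's hidden() function as in Cyrnus's reply, this escaping is applied to the value automatically, which is one reason to prefer it over printing the tag by hand.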