Jeremy Kemper
2/12/2008 1:27:00 AM
On 2/11/08, Mark Adkins <kaujot@gmail.com> wrote:
> Jeremy Kemper wrote:
> > On 2/11/08, Mark Adkins <kaujot@gmail.com> wrote:
> >> I'm building a website for a university class that allows users to
> >> submit links (though not "rank" them) a la Digg. The entire page is
> >> built on a CGI script and uses HTML input fields, as well as a textarea.
> >>
> >> Everything seems to work fine, except that if a user inputs an
> >> apostrophe in any field of the form, the script breaks.
> >>
> >> Is there some way of handling this, or do I need to warn people to not
> >> use conjunctions or possessives?
> >
> > Escape any user-supplied data you put into a SQL query.
> >
> > Google up on SQL injection for more.
> >
> > Best,
> > jeremy
>
> Sorry, but how exactly do I escape the data?
>
> Basically, the code is this
>
> description = $cgi['description']
>
> HTML stuff
>
> puts #{description#}
You need to investigate this and figure it out yourself, my friend :)
jeremy
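A worked illustration of the advice in this thread, added here and not part of the thread or of Mark's script: the string-interpolated query from the question beside a properly quoted one, plus a small checker showing why an apostrophe breaks the first, and the matching HTML escaping for the `puts` side. The table and column names, the sample description and all helper names are assumptions.

```ruby
require "cgi"

# Constructed sample: the kind of value that broke the poster's form.
SAMPLE_DESCRIPTION = "Here's a link to O'Reilly's site"

# The pattern the question describes: user data interpolated straight into SQL.
# An apostrophe in the value terminates the string literal early.
def unsafe_insert_sql(description)
  "INSERT INTO links (description) VALUES ('#{description}')"
end

# Escaping as the SQL standard defines it: a single quote inside a string
# literal is written as two single quotes. Real drivers ship a quote/escape
# helper that does this (and more); bound parameters are better still.
def sql_quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

def safe_insert_sql(description)
  "INSERT INTO links (description) VALUES (#{sql_quote(description)})"
end

# Walks the statement and reports whether every string literal is closed and
# no statement separator appears outside a literal.
def well_formed_sql?(sql)
  in_string = false
  i = 0
  while i < sql.length
    ch = sql[i]
    if in_string
      if ch == "'"
        if sql[i + 1] == "'"
          i += 1 # doubled quote: an escaped apostrophe, stay inside the literal
        else
          in_string = false
        end
      end
    else
      return false if ch == ";" # a second statement outside any literal
      in_string = true if ch == "'"
    end
    i += 1
  end
  !in_string
end

# The HTML side of the same script: escape before echoing user text into the page.
def render_description(description)
  "<p>#{CGI.escapeHTML(description)}</p>"
end
```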