my $sth_insert = $dbh->prepare("INSERT INTO my_table (field1, field2) VALUES (?, ?)");
$sth_insert->execute( $value_for_field1, $value_for_field2 );
$sth_insert = $dbh->prepare("INSERT INTO my_table (field1, field2) VALUES ('?', '?')");
$sth_insert->execute;
and had to put all those little single quote marks in.
HTML::TEMPLATE is a definite on the todo list(like next on the list). I really value the recommendations I get from you and have never been steered wrong here.
As far as what I was saying about the cookie with a password the order of operations is as follows:
[code]
&password;#sub that writes the passwords
$pword=&password;#just a variable holding &password output
#form in same script that does processing so easy to put the value in the script
&writecookie;#sub that writes cookie--no exp date...cookie value is $pword
&getcookievalue;#cookie value named cookieword
if($cookieword ne $pword){print"Error 403...You don't have permission blah blah";exit(0);}#draw up a 403 type response
use HTML::Entities ();
my $decoded = HTML::Entities::decode($a);
my $encoded = HTML::Entities::encode($a);
my $encoded = HTML::Entities::encode_numeric($a);
The default set of characters to encode are control chars, high-bit chars, and the <, &, >, ' and " characters.
my $e = 'abcd!@#$%^&*()_{}[]:<>?,.efg1234';
# allow only alphanumerical characters and some basic punctuation
$e =~ tr/a-zA-Z0-9?!,.//cd;
outputs: abcd!?,.efg1234my $e = 'abcd!@#$%^&*()_{}[]:<>?,.efg1234';
# convert non alphanumericals characters to hex (ie: ! character converts to %21)
$e =~ s/([^0-9A-Za-z])/sprintf("%%%02X", ord($1))/seg;
# convert string to html hex entity
$e =~ s/%([A-Fa-f0-9]{2})/&#x$1;/g;
outputs: abcd!@#$%^&*()_{
}[]:<>?,.efg1234;
I understand it now. Only problem is it still allows metacharacters like a backtick to go through. [...] I mean there are only so many that can be damaging, right?
$encoded = encode_entities($input, '<>&"');
# and this would only encode non-plain ascii:
$encoded = encode_entities($input, '^\n\x20-\x25\x27-\x7e');
