Okay...I've noticed a bug for a long time in Perl with adding data with single quotation marks from text form fields into MySQL (and Links SQL is effected). You get a bad SQL statement error since the single quotation marks terminate the statement. This problem is evident in both referencing the add_record sub and writing raw SQL INSERT/UPDATE statements.
I've tried adding regexp for inputted parameters to remove the single quotes in the sub process_form routine in my add and edit scripts...yet the string is replaced with the number of single quotes rather than the complete value entered.
Any suggestions for fixing this bug? (also something that can be global applied to all scripts would be beneficial rather than configuring each parameter separately).
Thanks in advance.
Regards,
Eliot Lee
http://anthrotech.com/
I've tried adding regexp for inputted parameters to remove the single quotes in the sub process_form routine in my add and edit scripts...yet the string is replaced with the number of single quotes rather than the complete value entered.
Any suggestions for fixing this bug? (also something that can be global applied to all scripts would be beneficial rather than configuring each parameter separately).
Thanks in advance.
Regards,
Eliot Lee
http://anthrotech.com/