Thread: RE: [htmltmpl] (no subject)
Brought to you by:
samtregar
From: Chris D. <Chris.Davies@ManheimEurope.com> - 2002-06-28 09:15:01
|
Presumably you use DBI to get the data from your database. DBI provides an "escape the quotes" operation for strings containing single quotes. You could perhaps use that to process your data prior to giving it to H::T Chris -- Chris Davies, Manheim Online Tel. 0113 393-2004 Fax. 0870 444-0482. Mobile 07778 199069 -----Original Message----- From: htm...@li... [mailto:htm...@li...]On Behalf Of Glenn Morgan Sent: Friday, June 28, 2002 6:47 AM To: htm...@li... Subject: [htmltmpl] (no subject) Hi Had a search through the archive but can't find what I'm looking for, so here goes. I am using HTML::Template with PageKit and having a problem with <tmpl_var> substitutions in javascript quoted strings. See below: <button onclick="javascript: js_str='<tmpl_var name="tmpl_str">;"></button> If tmpl_str="It's a wonderful life" Then my resultant html is <button onclick="javascript: js_str='It's a wonderful life'";></button> This is obviously broken due to the unescaped single quote in It's. The same would apply if the js string assignment was enclosed in double quotes and I included doulble quotes in my tmp_str value. What I really need to do is: tmpl_str=It\'s a wonderful life and all would be well. Unfortunately, 1) I am working with db data and am not aware of what chars data values contain. 2) I am using the same data values in different places within the same template and do not want escaped quotes in all cases. These two cases make it very messy to filter my datasets and escape here, there and everywhere. Any ideas? Is there a simple solution or would a escape=quotes patch be the way to go? Thanks in advance Glenn ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Caffeinated soap. No kidding. http://thinkgeek.com/sf _______________________________________________ Html-template-users mailing list Htm...@li... https://lists.sourceforge.net/lists/listinfo/html-template-users |
From: Chris D. <Chris.Davies@ManheimEurope.com> - 2002-06-28 10:10:21
|
Duh! Sorry Chris -- Chris Davies, Manheim Online Tel. 0113 393-2004 Fax. 0870 444-0482. Mobile 07778 199069 -----Original Message----- From: htm...@li... [mailto:htm...@li...]On Behalf Of Philip S Tellis Sent: Friday, June 28, 2002 10:31 AM To: HTML::Template List Subject: RE: [htmltmpl] (no subject) On Fri, 28 Jun 2002, Chris Davies wrote: > Presumably you use DBI to get the data from your database. DBI provides an > "escape the quotes" operation for strings containing single quotes. You > could perhaps use that to process your data prior to giving it to H::T except, the way DBI escapes single quotes is by using a second quote: ' -> '' for most databases at least. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Caffeinated soap. No kidding. http://thinkgeek.com/sf _______________________________________________ Html-template-users mailing list Htm...@li... https://lists.sourceforge.net/lists/listinfo/html-template-users |
From: Philip S T. <phi...@gm...> - 2002-06-28 09:36:41
|
On Fri, 28 Jun 2002, Chris Davies wrote: > Presumably you use DBI to get the data from your database. DBI provides an > "escape the quotes" operation for strings containing single quotes. You > could perhaps use that to process your data prior to giving it to H::T except, the way DBI escapes single quotes is by using a second quote: ' -> '' for most databases at least. |
From: Cory T. <ct...@on...> - 2002-06-28 11:53:54
|
> -----Original Message----- > From: htm...@li... > [mailto:htm...@li...]On Behalf Of > Philip S Tellis > Sent: Friday, June 28, 2002 5:31 AM > To: HTML::Template List > Subject: RE: [htmltmpl] (no subject) > > > On Fri, 28 Jun 2002, Chris Davies wrote: > > > Presumably you use DBI to get the data from your database. DBI > provides an > > "escape the quotes" operation for strings containing single quotes. You > > could perhaps use that to process your data prior to giving it to H::T > > except, the way DBI escapes single quotes is by using a second quote: > > ' -> '' > > for most databases at least. As far as I know, this is a function (for both 'neat' and 'quote') that has behavior dependent on the DBD loaded by DBI. -- Cory |