[Zope] ZSQL methods / input quote filtering

Chris Beaumont cbeaumon@msri.org
Wed, 31 Oct 2001 08:18:19 -0700


I've been working on a web form that has several large textarea 
fields for text input, which is working well, but once in a while 
people will enter single or double quotes around a word in that field.

example, outer quotes are mine:

"I come from a small eastern village named "New York" and while I was 
growing up there I learned how to play a game called 'stickball'."

Sometimes that causes an error on the SQL insert or update. The text 
is also sometimes truncated at the quote.

I thought ZSQL methods were supposed to safely escape all input 
content. Why is this happening? Is there a simple, accepted manner to 
have this behavior safely quashed besides setting up individual 
Python substitutions for every possible character that needs 
filtering? That seems as if it should be an unnecessary hack..

Thank you