[Zope] ZSQL methods / input quote filtering
Wed, 31 Oct 2001 08:18:19 -0700
I've been working on a web form that has several large textarea
fields for text input, which is working well, but once in a while
people will enter single or double quotes around a word in that field.
Example (outer quotes are mine):
"I come from a small eastern village named "New York" and while I was
growing up there I learned how to play a game called 'stickball'."
Sometimes that causes an error on the SQL insert or update. The text
is also sometimes truncated at the quote.
I thought ZSQL methods were supposed to safely escape all input
content. Why is this happening? Is there a simple, accepted manner to
have this behavior safely quashed besides setting up individual
Python substitutions for every possible character that needs
filtering? That seems as if it should be an unnecessary hack.
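
One way an insert can fail on this input, shown as an added example that is not part of the original post: the sample sentence is substituted raw into the SQL text, then quoted as a SQL string literal, then passed as a bound parameter. It assumes an in-memory SQLite database as a stand-in for the poster's backend, and the `stories` table and all function names are hypothetical.

```python
import sqlite3

# Sample text from the post above (the post's outer quotes are not part of it).
SAMPLE = ('I come from a small eastern village named "New York" and while I was '
          "growing up there I learned how to play a game called 'stickball'.")

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE stories (body TEXT)")  # hypothetical table
    return db

def insert_interpolated(db, text):
    """Raw substitution: quotes inside the value become SQL syntax."""
    db.execute("INSERT INTO stories (body) VALUES ('%s')" % text)

def sql_quote(text):
    """Standard SQL string literal: wrap in single quotes, double embedded ones.
    Assumes a backend where backslash is not an escape character (true for SQLite)."""
    return "'" + text.replace("'", "''") + "'"

def insert_quoted(db, text):
    db.execute("INSERT INTO stories (body) VALUES (%s)" % sql_quote(text))

def insert_bound(db, text):
    """Parameter binding: the value never becomes part of the SQL text."""
    db.execute("INSERT INTO stories (body) VALUES (?)", (text,))

def stored(db):
    return [row[0] for row in db.execute("SELECT body FROM stories")]

def demo():
    results = {}
    db = new_db()
    try:
        insert_interpolated(db, SAMPLE)
        results["interpolated"] = "ok"
    except sqlite3.Error as exc:
        # The literal ends at the quote before 'stickball', leaving stray tokens.
        results["interpolated"] = "error: %s" % exc
    insert_quoted(db, SAMPLE)
    insert_bound(db, SAMPLE)
    # Both safe paths must store the text byte-for-byte, quotes included.
    results["round_trip"] = stored(db) == [SAMPLE, SAMPLE]
    return results

if __name__ == "__main__":
    print(demo())
```

In a ZSQL method the corresponding choice is between `<dtml-var>`, which substitutes the raw value, and `<dtml-sqlvar>`, which quotes it for the database.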