"JayBonci" <jayat_private> writes: >Wrap all your functions and do a $id =~ s/\'/\\\'/g; On your stuff. That isn't really enough though. At the moment I automatically escape ''', '\', '%', and ';', and also '|' under Windows (wonderful option that last one, try '|shell("cmd /c echo " & chr(124) & " format c:")|' on an ODBC data source). Are there any more which need to be caught? Peter.
This archive was generated by hypermail 2b30 : Sat Dec 29 2001 - 19:26:57 PST