[Zope] truncations in form input due to quotes problem

J Cameron Cooper jccooper@jcameroncooper.com
Wed, 05 Feb 2003 18:29:27 -0600


>I have some HTML forms that feed their data to a ZSQL method for
>insertion into a database. I've been having a problem with the input to
>the fields getting truncated. I think this is due to quotes in the
>input text. Does anyone have a solution to this problem? It's common for
>people to use quotes in the input to HTML forms.

DTML in SQL statements needs to use either <dtml-var whatever sql_quote> 
or <dtml-sqlvar whatever> to properly escape characters such as double 
quotes. See the DTML reference for specifics.

          --jcc
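
The two escaping forms named in the reply, next to the unescaped form that causes the problem, as an added example that is not part of the original message. The table, column and argument names are hypothetical, and each statement is an alternative body for the same ZSQL method.

```sql
-- ZSQL method arguments (hypothetical): author body
-- Table and column names are hypothetical. Each statement below is an
-- alternative body for the same method, not one script.

-- (1) Unescaped: a quote character in the form input ends the SQL string
--     literal early, so the statement breaks or changes meaning.
INSERT INTO comments (author, body)
VALUES ('<dtml-var author>', '<dtml-var body>')

-- (2) dtml-var with sql_quote: the value is escaped, and the template
--     still supplies the surrounding single quotes.
INSERT INTO comments (author, body)
VALUES ('<dtml-var author sql_quote>', '<dtml-var body sql_quote>')

-- (3) dtml-sqlvar: escapes the value and adds the quotes itself when
--     type="string", so no quotes are written in the template.
INSERT INTO comments (author, body)
VALUES (<dtml-sqlvar author type="string">, <dtml-sqlvar body type="string">)
```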