[albatross-users] al-textarea not escaping '"' character

Sheila King sheila at thinkspot.net
Wed Oct 1 06:05:03 EST 2003


Using a somewhat patched version of 1.10

If I include a " character in an al-textarea element and submit, it is not 
being escaped to &quot; when the data is retrieved. It's weird, cuz < > 
are being escaped, but not "

I noticed this because I'm trying to insert this data into a MySQL db and 
am getting errors like this:

ProgrammingError: (1064, 'You have an error in your SQL syntax near 
\'quoted" reply...", 1, NOW())\' at line 2')

Where the query statement is:

result = c.execute("""INSERT INTO replies (postid, content, authorid,
                               timestamp) VALUES (%s, "%s", %s, NOW());""" % \
                               (postid, content, authorid))

It's the content field which is the textarea and holds, of course, the 
content of a reply.

If I escape the characters myself, I can successfully insert them into the 
MySQL database. Of course, displaying them later, after retrieved, they 
look ... uh... wrong. Guess I am going to have to re-escape them back to 
the original " character for displaying on the web page?

Recommendations? Suggestions?

Anyhow, I'm just puzzled that Albatross is not escaping the character. I 
looked at the tags.py file and see for the al-textarea object, that it is 
supposed to call the "escape" function defined near the top of tags.py. I 
am not using the "noescape" attribute on my al-textarea field.

-- 
Sheila King
http://www.thinkspot.net/sheila/
http://www.k12groups.org
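
Added example, not part of the original post or of Albatross: HTML escaping and SQL quoting are separate concerns, so the raw text is stored through bound parameters and escaped only when it is written into a page. It assumes Python 3 and uses sqlite3 in place of MySQL so it runs offline (with MySQLdb the placeholder is %s and the values go in as the second argument to execute()); the helper names and sample reply are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample reply containing the characters discussed in the post.
SAMPLE = 'a "quoted" <b>reply</b>'

def open_db():
    """In-memory table shaped like the replies table in the post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE replies (postid INTEGER, content TEXT, "
               "authorid INTEGER, timestamp TEXT)")
    return db

def formatted_insert_fails(db, postid, content, authorid):
    """Pattern from the post: values pasted into the SQL text with %.
    A quote inside content ends the string literal early, so the
    statement no longer parses (or parses as something else)."""
    sql = ('INSERT INTO replies (postid, content, authorid, timestamp) '
           'VALUES (%s, "%s", %s, datetime(\'now\'))'
           % (postid, content, authorid))
    try:
        db.execute(sql)
    except sqlite3.OperationalError:
        return True
    return False

def insert_bound(db, postid, content, authorid):
    """Bound parameters: the driver passes content as data, so no
    escaping is needed and the stored text is exactly what was typed."""
    db.execute("INSERT INTO replies (postid, content, authorid, timestamp) "
               "VALUES (?, ?, ?, datetime('now'))",
               (postid, content, authorid))

def stored_content(db, postid):
    row = db.execute("SELECT content FROM replies WHERE postid = ?",
                     (postid,)).fetchone()
    return row[0]

def render_reply(db, postid):
    """Escape for HTML only at output time, including quote characters."""
    return "<p>%s</p>" % html.escape(stored_content(db, postid), quote=True)

if __name__ == "__main__":
    db = open_db()
    print("formatted insert fails:", formatted_insert_fails(db, 1, SAMPLE, 1))
    insert_bound(db, 1, SAMPLE, 1)
    print("stored:  ", stored_content(db, 1))
    print("rendered:", render_reply(db, 1))
```
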



