[albatross-users] al-textarea not escaping '"' character
Sheila King
sheila at thinkspot.net
Wed Oct 1 06:05:03 EST 2003
Using a somewhat patched version of 1.10
If I include a " character in an al-textarea element and submit, it is not
being escapted to " when the data is retrieved. It's weird, cuz < >
are being escaped, but not "
I noticed this because I'm trying to insert this data into a MySQL db and
am getting errors like this:
ProgrammingError: (1064, 'You have an error in your SQL syntax near
\'quoted" reply...", 1, NOW())\' at line 2')
Where the query statement is:
result = c.execute("""INSERT INTO replies (postid, content, authorid,
timestamp) VALUES (%s, "%s", %s, NOW());"""
% \
(postid, content, authorid))
It's the content field which is the textarea and holds, of course, the
content of a reply.
If I escape the characters myself, I can successfully insert them into the
MySQL database. Of course, displaying them later, after retrieved, they
look ... uh... wrong. Guess I am going to have to re-escape them back to
the original " character for displaying on the web page?
Recommendations? Suggestions?
Anyhow, I'm just puzzled that Albatross is not escaping the character. I
looked at the tags.py file and see for the al-textarea object, that it is
supposed to call the "escape" function defined near the top of tags.py. I
am not using the "noescape" attribute on my al-textarea field.
--
Sheila King
http://www.thinkspot.net/sheila/
http://www.k12groups.org
More information about the Albatross-users
mailing list