sqlインジェクション対策と言うので、思い出してみた
sub escape_html { # sanitize ( escape ) my ($self,$str) = @_; return $str if not defined($str); $str =~ s/&/&/go; $str =~ s/\"/"/go; #" make emacs happy $str =~ s/>/>/go; $str =~ s/</</go; return $str; } sub escape_sql { # sanitize ( escape ) my ($self, $str) = @_; if(defined($str)) { $str =~ s/\\/\\\\\\\\/go; $str =~ s/'/''/go; #' $str =~ s/%/\\\\%/go; $str =~ s/_/\\\\_/go; } return $str; }
