escaping

Possible Duplicate: Coldfusion adding extra quotes when constructing database queries in strings All, I am trying to use a getter to reference a bean during an insert. CF is not escaping the single quote properly in the value in 'form.title' and therefore I am receiving a malformed sql error. Any ideas? Here's the code. <cfscript> form.title = "page's are awesome"; page = new model.page.page(argumentCollection = form); <cfquery name="test" datasource="ksurvey"> insert into page(title) values('#page.getTitle()#') </cfquery> If you're going to do it that way, you need preserveSingleQuotes()

I have an assignment to create a lexical analyser and I've got everything working except for one bit. I need to create a string that will accept a new line, and the string is delimited by double quotes. The string accepts any number, letter, some specified punctuation, backslashes and double quotes within the delimiters. I can't seem to figure out how to escape a new line character. Is there a certain way of escaping characters like new line and tab? Here's some of my code that might help < STRING : ( < QUOTE> (< QUOTE > | < BACKSLASH > | < ID > | < NUM > | " " )* <QUOTE>) > < #QUOTE : "\"" >

This might be something I can't do but... parent.document.getElementById('<?php echo $_GET['song']; ?>') .innerHTML = '<img src="heart.png" onmouseover="heartOver('');" >'; The onmouseover="heartOver(''); portion breaks my JavaScript. Is there a way to escape the quotes so I can do this? Escape nested quotes with a backslash: \' Also, never echo user data without validating or sanitizing it: $song = $_GET['song']; // Validate HTML id (http://www.w3.org/TR/REC-html40/types.html#type-name) if(!preg_match('/^[a-z][-a-z0-9_:\.]*$/', $song) { // Display error because $song is invalid } OR //

I'm trying to execute a query using pyodbc with this kind of code cursor.execute("SELECT x from y where Name='%s'"%namepar) The parameter may have a quote and so it needs to be escaped in order to work, how do i do thos? I tried by simply replacing " ' " with " \\' " in namepar and it still doesn't work, I get a pyodbc.ProgrammingError You can pass parameters, and that will be escaped. cursor.execute("SELECT x from y where Name = ?", (namepar,)) http://www.python.org/dev/peps/pep-0249/#id15 http://code.google.com/p/pyodbc/wiki/Cursor 来源： https://stackoverflow.com/questions/17139487/pyodbc

How can I echo the literal string -e and nothing else? I'm trying to better understand how shell arguments are escaped. The following commands do not work: echo -e # prints nothing echo '-e' # prints nothing echo "-e" # prints nothing echo \-e # prints nothing echo \\-e # prints \-e echo '\-e' # prints \-e echo "'-e'" # prints '-e' (with quotes) echo -- -e # prints -- -e I can't find one that doesn't either include quotes or a leading slash. I'm assuming the real question is why: A C# or Java function can never behave differently based on whether you invoked it as foo(4) or foo(2+2) or foo(

I recently implemented a function to escape characters interpretable as regex that go into a system call for my R package 'rNOMADS' SanitizeWGrib2Inputs <- function(check.strs) { #Escape regex characters before inputting to wgrib2 #INPUTS # CHECK.STRS - Strings possibly containing regex metacharacters #OUTPUTS # CHECKED.STRS - Strings with metacharacters appropriately escaped meta.chars <- paste0("\\", c("(", ")", ".", "+", "*", "^", "$", "?", "[", "]", "|")) for(k in 1:length(meta.chars)) { check.strs <- stringr::str_replace(check.strs, meta.chars[k], paste0("\\\\", meta.chars[k])) } checked

Trying to do: fake-command.bat "ping -n 4 -w 1 127.0.0.1 >NUL" and fake-command.bat ping -n 4 -w 1 127.0.0.1 The batch file could look like: @echo %* It should return: ping -n 4 -w 1 127.0.0.1 >NUL and ping -n 4 -w 1 127.0.0.1 Here a workaround: @echo off goto start ------------------------------------------------------ Usage : mystring <command> Quotes around the command are required only when the command involves redirection via <, >, >>, or |, etc. Quotes ensure that the redirection is applied to the command, rather than the bat command itself. Examples : mystring ping -n 4 -w 1 127.0.0.1

I would like to add things like bullet points "•" to HTML using the XML Builder in Nokogiri, but everything is being escaped. How do I prevent it from being escaped? I would like the result to be: <span>•</span> rather than: <span>&#8226;</span> I'm just doing this: xml.span { xml.text "•\ " } What am I missing? If you define class Nokogiri::XML::Builder def entity(code) doc = Nokogiri::XML("<?xml version='1.0'?><root>&##{code};</root>") insert(doc.root.children.first) end end then this builder = Nokogiri::XML::Builder.new do |xml| xml.span { xml.text "I can has " xml.entity 8665 xml.text "