use strict;
use vars qw( @ISA );
-use FS::Record qw( qsearchs qsearch dbdef );
+use FS::Record qw( qsearchs qsearch );
+use FS::Schema qw( dbdef );
+use CGI qw(escapeHTML);
@ISA = qw( FS::Record );
# Make sure it's a real table with a numeric primary key
my ($table, $pkey);
- if($table = $FS::Record::dbdef->table($self->dbtable)) {
+ if($table = dbdef->table($self->dbtable)) {
if($pkey = $table->primary_key) {
if($table->column($pkey)->type =~ /int/i) {
# this is what it should be
}
} else {
$text .= q!<INPUT NAME="! . $self->name .
- q!" VALUE="! . $value . q!"!;
+ q!" VALUE="! . escapeHTML($value) . q!"!;
if ($self->length) {
$text .= q! SIZE="! . $self->length . q!"!;
}