if ( $cgi->param('accountcode') =~ /\S/ ) {
my $accountcode = $cgi->param('accountcode');
my @accountcode = map {
- ( my $v = $_ ) =~ s/^\s+|\s+$//g;
- if ( $v =~ /'/ ) { $v =~ s/'/\\'/g; $v = "E'$v'" }
- elsif ( length $v ) { $v = "'$v'" }
- length $v ? $v : ()
- } grep /\S/, split /\R/, $accountcode;
+ ( my $v = $_ ) =~ s/^\s+|\s+$//g; # trim margin whitespace
+ length $v ? dbh->quote($v) : ()
+ } grep /\S/, split /\R/, $accountcode; # collect non-trivial lines
if (@accountcode) {
my $search = 'accountcode IN ( ' . join( ',', @accountcode ) . ' )';
push @qsearch, $search;