--- loncom/interface/loncoursedata.pm 2003/12/16 16:47:16 1.111 +++ loncom/interface/loncoursedata.pm 2004/03/09 21:42:01 1.112.2.1 @@ -1,6 +1,6 @@ # The LearningOnline Network with CAPA # -# $Id: loncoursedata.pm,v 1.111 2003/12/16 16:47:16 raeburn Exp $ +# $Id: loncoursedata.pm,v 1.112.2.1 2004/03/09 21:42:01 albertel Exp $ # # Copyright Michigan State University Board of Trustees # @@ -1225,11 +1225,7 @@ sub update_full_student_data { # However, there is one wrinkle: submissions which end in # and odd number of '\' cause insert errors to occur. # Best trap this somehow... - $value =~ s/\'/\\\'/g; - my ($offensive_string) = ($value =~ /(\\+)$/); - if (length($offensive_string) % 2) { - $value =~ s/\\$/\\\\/; - } + $value = $dbh->quote($value); } if ($field eq 'submissiongrading' || $field eq 'molecule') { @@ -1278,13 +1274,21 @@ sub update_full_student_data { while (my ($part_id,$hash2) = each (%$hash1)) { while (my ($resp_id,$hash3) = each (%$hash2)) { while (my ($transaction,$data) = each (%$hash3)) { - $store_command .= "('".join("','",$symb_id,$part_id, - $resp_id,$student_id, - $transaction, - $data->{'awarddetail'}, - $data->{'response_specific'}, - $data->{'response_specific_value'}, - $data->{'submission'})."'),"; + my $submission = $data->{'submission'}; + # We have to be careful with user supplied input. + # most of the time we are okay because it is escaped. + # However, there is one wrinkle: submissions which end in + # and odd number of '\' cause insert errors to occur. + # Best trap this somehow... + $submission = $dbh->quote($submission); + $store_command .= "('". + join("','",$symb_id,$part_id, + $resp_id,$student_id, + $transaction, + $data->{'awarddetail'}, + $data->{'response_specific'}, + $data->{'response_specific_value'}). + "',".$submission."),"; $store_rows++; } } 
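Review bot: The comment kept above `$value = $dbh->quote($value);` still describes the old hand-rolled backslash trap ("Best trap this somehow...") and no longer matches the code. Replace it with something like `# DBI quote() escapes the value and adds the surrounding quotes; do not wrap it again.` Because quote() returns a complete SQL literal including its outer quotes, whatever builds the statement from `$value` later in update_full_student_data (outside this hunk) must not add its own `'...'` around it. Binding the value through a placeholder in `prepare`/`execute` would remove the string-building step altogether.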
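Review bot: In the `@@ -1278,13 +1274,21 @@` hunk only `submission` goes through `$dbh->quote()`; `awarddetail`, `response_specific`, `response_specific_value` and the id columns are still joined with a bare `"','"`. A quote or trailing backslash in any of them can therefore still break or alter the INSERT. Whether those fields can carry student-controlled text is not visible here, though `response_specific_value` looks likely to. Quoting every column the same way is simpler and safer: `$store_command .= '('.join(',', map { $dbh->quote($_) } $symb_id,$part_id,$resp_id,$student_id,$transaction,@$data{qw(awarddetail response_specific response_specific_value submission)}).'),';`. Note that quote() turns an undefined field into `NULL` rather than `''`, so the column definitions need to allow that.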
@@ -2067,6 +2071,10 @@ sub get_response_data { } my $dataset = $sth->fetchall_arrayref(); if (ref($dataset) eq 'ARRAY' && scalar(@$dataset)>0) { + # Clear the \'s from around the submission + for (my $i =0;$i[$i]->[3] =~ s/(\'$|^\')//g; + } return $dataset; } }
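Review bot: The substitution `s/(\'$|^\')//g` on column `[3]` removes a leading or trailing apostrophe from every submission returned, including one the student actually typed, and `$` also matches before a final newline. If the write side uses the result of `$dbh->quote()` as a complete literal, the stored value has no surrounding quotes and this loop should not be needed. If rows do come back wrapped in quotes, that points to double quoting on insert, which is better fixed there than undone on read. The bare index `3` would be clearer with a comment naming the column, e.g. `# column 3 is the submission text`. The loop header is truncated in this rendering of the hunk, so its bounds could not be checked.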