sanitize html & sql

久しぶりにsrcを書いたら、htmlやsqlのエスケープを、つい忘れていたので

sub escape_html {
    my ($self,$str) = @_;

    return $str if not defined($str);

    $str =~ s/&/&/go;
    $str =~ s/\"/"/go; #" make emacs happy
    $str =~ s/>/>/go;
    $str =~ s/</&lt;/go;
    return $str;
}

sub escape_sql {
    my ($self, $str) = @_;

    return $str if not defined($str);

    $str =~ s/\\/\\\\\\\\/go;
    $str =~ s/'/''/go; #' make emacs happy
    $str =~ s/%/\\\\%/go;
    $str =~ s/_/\\\\_/go;
    return $str;
}