Looking at the output you show this is not a Tex error (and presumably LaTeX handles your code correctly) it is an error from Vim, by which I assume you are using the editor that isn't emacs:-) It looks like you are using a Vim mode that thinks it understands TeX syntax and is trying to do something useful, but actually it doesn't understand the full command usage.
The following is written to accord to Mac OS Xs' FHS implementation. This is principally valid for any UNIX-like OS.
Pdflatex allows you to specify complete paths:
\input{/Users/user_name/some/path}
Under Unix-Like systems you may even use shell(bash) variables in you paths:
\input{$HOME/some/path}
or common abbreviations
\intput{\string~/some/path}
(note: using \string
here to tell latex to pass the character to shell instead of taking the "meaning")
Of course you may also specify relative paths. This means of course you need to know what your active path is. For pdflatex this is most commonly the path (or directory) were yout main document lies (which is given pdflatex as an argument).
\input{some_file}
This will tell pdflatex to use some_file
which is located in the active dir. (If not an error will be raised.)
\input{./some_file}
Will do exactly the same, while
\input{../some_file}
will tell pdflatex to use some_file
which lies in the parent folder (one level above.)
So one might ask why? Well under common OSs like UNIX or Windows the dot representations are in charge, so that .
represents the current/active folder and ..
the parent. Therefore ../../
will represent a folder two levels above (the parent of the parent). This is possible, since the directory tree only knows one parent a a certain level. So 'going up' is all the same on any level.
Best Answer
Depending on what input you need, just encoding your document as UTF-8 (
\usepackage[utf8]{inputenc}
) will allow unescaped unicode characters. If you need more variety than the major Latin-based languages, you should use XeLaTeX, (which assume unicode source) and a font that contains as many of the scripts as you might need (or you'll need to adjust your input cgi to choose the appropriate language and pass it to your document.)You also need to decide how to handle characters that are reserved by LaTeX, but might be part of your allowable input (
#, %, $, _, ^, &, {, }
) which should probably be turned into\#, \%
etc. This can easily be done with a regular expression substitution in your cgi script. (Although if you need to allow math input, this is more complicated.)As for sanitizing dangerous stuff from the input, the safest is to not allow any latex markup at all, in which case can you can simply strip out all instances of
\
from your input text. (And obviously don't run latex with the-shell-escape
option.) If you need limited markup, this can be doable, but trickier, depending on what you want to allow.