5 messages in com.mysql.lists.perl: Re: perl+Mysql

| From | Sent On | Attachments |
|---|---|---|
| ed phillips | 03 Oct 2000 23:15 | |
| Ramzi S. Abdallah | 04 Oct 2000 00:15 | |
| Dan Cutting | 04 Oct 2000 01:53 | |
| Ramzi S. Abdallah | 05 Oct 2000 16:52 | |
| Ramzi S. Abdallah | 05 Oct 2000 18:43 | |

| Subject: | Re: perl+Mysql |
|---|---|
| From: | Ramzi S. Abdallah (rs...@acl.edu.au) |
| Date: | 10/05/2000 06:43:54 PM |
| List: | com.mysql.lists.perl |

Thanks a lot Dan it worked

Ramzi

----- Original Message -----
From: Dan Mahoney <da...@web.tf>
To: Ramzi S. Abdallah <rs...@acl.edu.au>
Sent: Friday, October 06, 2000 9:33 AM
Subject: Re: perl+Mysql

"Ramzi S. Abdallah" wrote:
Thanks Ed, I have attached a copy of the script. I appreciate any help as I am not an experienced Perl programmer. I will try to find more info about this in the archives but first I have to know where they are.

My mail interface stripped off the script, so I wasn't able to take a look at what you're doing. However, that sounds like a pretty standard problem. You can choose from a couple of solutions: call DBI->quote() on the string to be written to the database, or use "?" placeholders in your "prepare" statement. For example, if you have a script segment reading something like:

    $q = "INSERT INTO that_table VALUE (\"$name\", \"$address\")";
    $sth = $dbh->prepare($q);
    $rv = $sth->execute();

you can replace it with:

    $q = "INSERT INTO that_table VALUE (?,?)";
    $sth = $dbh->prepare($q);
    # bind values are passed as a comma-separated list, one per "?"
    $rv = $sth->execute($name, $address);

Using this technique, the DBI library (and the DBD modules it calls) are responsible for quoting the strings where needed, and usually do a good job of it. In the first code snippet, if the $address variable contained "13 Becker's Ridge" the statement would die - if you don't check it for an error return code, you'd never know it. Passing the same data to the second snippet will work - DBI will take care of escaping the '.

Dan Mahoney da...@web.tf
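
The three approaches from the message above, side by side, as an added example that is not part of the original thread. It assumes DBD::SQLite is installed (an in-memory database stands in for MySQL), uses single-quoted SQL literals for the interpolated case, and checks every return value by hand; the sample name and the 'quoted' marker are constructed. Binding also keeps user-supplied data from ever being parsed as SQL.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database keeps this offline.
# RaiseError/PrintError are off, so a failed statement is only visible
# if the return value is checked, as the message points out.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 0, PrintError => 0, AutoCommit => 1 })
    or die "connect failed: $DBI::errstr";

$dbh->do('CREATE TABLE that_table (name TEXT, address TEXT)')
    or die 'create failed: ' . $dbh->errstr;

# Constructed sample input containing an apostrophe.
my ($name, $address) = ('Constructed User', "13 Becker's Ridge");

# 1. Interpolated values: the apostrophe ends the string literal early.
my $rv = $dbh->do("INSERT INTO that_table VALUES ('$name', '$address')");
print defined $rv ? "interpolated: inserted\n"
                  : "interpolated: failed: " . $dbh->errstr . "\n";

# 2. Placeholders: the values travel separately from the SQL text.
my $sth = $dbh->prepare('INSERT INTO that_table VALUES (?, ?)')
    or die 'prepare failed: ' . $dbh->errstr;
$rv = $sth->execute($name, $address);
print defined $rv ? "placeholders: inserted $rv row(s)\n"
                  : "placeholders: failed: " . $sth->errstr . "\n";

# 3. quote() called on the database handle, for when a literal must be built.
my $literal = $dbh->quote($address);
$rv = $dbh->do("INSERT INTO that_table VALUES ('quoted', $literal)");
print defined $rv ? "quote(): inserted using $literal\n"
                  : "quote(): failed: " . $dbh->errstr . "\n";

# Read back what was actually stored.
my $rows = $dbh->selectall_arrayref('SELECT name, address FROM that_table');
print "stored: $_->[0] | $_->[1]\n" for @$rows;

$dbh->disconnect;
```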




