Home: Perl Programming Help: Advanced:
What's happening (MySQL/DBI question)


Dec 19, 2000, 5:54 PM

Views: 2343
What's happening (MySQL/DBI question)

What's wrong with the attached code? it works, unless there are certain characters in $FORM{'comments'}. Is there a way for this to work, no matter what the contents of $FORM{'comments'} is?


User / Moderator

Dec 20, 2000, 12:36 AM

Views: 2337
Re: What's happening (MySQL/DBI question)

You need to escape $FORM{'comments'} so that it doesn't mangle your statement, which DBI.pm conveniently provides two methods for you to choose from:-

1. Placeholders
$sth = $dbh->prepare( "INSERT INTO table ( field ) VALUES ( ? )" );
$sth->execute( $FORM{'comments'} );

2. Explicit escaping and quoting
$dbh->do( "INSERT INTO table ( field ) VALUES ( " . $dbh->quote( $FORM{'comments'} ) . " )" );

See the DBI documentation for more examples and further insight.


Dec 20, 2000, 9:02 AM

Views: 2332
Re: What's happening (MySQL/DBI question)

Thanks a ton! I knew it somehow needed to be escaped, but I didn't know how to go about doing it. Your example and the DBI Documentation helped me to figure it out!!

Thanks again and God Bless!!!!!

Erich Musick