CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
Search Posts SEARCH
Who's Online WHO'S
Log in LOG

Home: Perl Programming Help: Advanced:
Single quotes in sql-queries



Oct 16, 2000, 1:10 AM

Post #1 of 3 (2636 views)
Single quotes in sql-queries Can't Post

I use the following Perl-code to parse a query to my sql-database:
$sth = $dbh->prepare($sqlstr);

$sqlstr will contain single quotes, but not all of them are allowed.

Example where single quotes are OK:
$sqlstr = "INSERT INTO EXAMPLE (id) VALUES ('10')"

Example where single quotes are not OK:
$sqlstr = "INSERT INTO EXAMPLE (name) VALUES ('john's book')"

So, only the quote after john should be replaced by \'.

How can I do that? I mean how can I replace only the wrong quotes?

The Netherlands



Oct 16, 2000, 6:52 AM

Post #2 of 3 (2636 views)
Re: Single quotes in sql-queries [In reply to] Can't Post

Here is a short example of what you could do using the quote subroutine. This subroutine will quote what you pass it, as well as escaping all other quotes in the string.

$id = 8847;
$id = $dbh->quote($id);
$title = q{Welcome to "John's House"};
$title = $dbh->quote($title);
$dbh->do("insert BookTitle (id, title) values ($id, $title)");

It should be pretty straight forward. If you need more help look in the DBI docs or let me know.


User / Moderator

Oct 16, 2000, 8:53 AM

Post #3 of 3 (2636 views)
Re: Single quotes in sql-queries [In reply to] Can't Post

You can also use placeholders which just looks neater and lets DBI work out quoting issues itself...

<BLOCKQUOTE><font size="1" face="Arial,Helvetica,sans serif">code:</font><HR>

$sth = $dbh->prepare( "INSERT INTO example ( id, name ) VALUES ( ?, ? )" );
$sth->execute( "10", "john's book" );</pre><HR></BLOCKQUOTE>


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives