CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Advanced:
What's happening (MySQL/DBI question)

 



Dubbs1231
newbie

Dec 19, 2000, 5:54 PM

Post #1 of 3 (1106 views)
What's happening (MySQL/DBI question) Can't Post

What's wrong with the attached code? it works, unless there are certain characters in $FORM{'comments'}. Is there a way for this to work, no matter what the contents of $FORM{'comments'} is?

Thanks



Kanji
User / Moderator

Dec 20, 2000, 12:36 AM

Post #2 of 3 (1100 views)
Re: What's happening (MySQL/DBI question) [In reply to] Can't Post

You need to escape $FORM{'comments'} so that it doesn't mangle your statement, which DBI.pm conveniently provides two methods for you to choose from:-

1. Placeholders
$sth = $dbh->prepare( "INSERT INTO table ( field ) VALUES ( ? )" );
$sth->execute( $FORM{'comments'} );

2. Explicit escaping and quoting
$dbh->do( "INSERT INTO table ( field ) VALUES ( " . $dbh->quote( $FORM{'comments'} ) . " )" );

See the DBI documentation for more examples and further insight.




Dubbs1231
newbie

Dec 20, 2000, 9:02 AM

Post #3 of 3 (1095 views)
Re: What's happening (MySQL/DBI question) [In reply to] Can't Post

Thanks a ton! I knew it somehow needed to be escaped, but I didn't know how to go about doing it. Your example and the DBI Documentation helped me to figure it out!!

Thanks again and God Bless!!!!!

Erich Musick


 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives