Michael Excellent - read DBI/placeholder
thanks
Michael Fowler
<michael@shoebox To: [EMAIL PROTECTED]
.net> cc: [EMAIL PROTECTED]
Subject: Re: mysql syntax problem
10/02/02 09:33
AM
On Wed, Oct 02, 2002 at 09:06:16AM +0100, [EMAIL PROTECTED]
wrote:
> when i query a mysql db within a perl script
> this works fine...
> $sth = $dbh->prepare ("SELECT venue from base1 WHERE op = 'K Trevan'");
>
> this doesn't..
> $sth = $dbh->prepare ("SELECT venue from base1 WHERE op = 'K O'Trevan'");
>
> i know the issue is 'K O'Trevan' in that the 2nd ' completes
>
> i just don't know how to resolve it - other than changing 'K O'Trevan'
to
> 'K O Trevan'
Use placeholders:
$sth = $dbh->prepare("SELECT venue FROM base1 WHERE op = ?");
$sth->execute("K O'Trevan");
This is a little silly with literal values, as you can easily escape them
manually. It works much better with data you get from sources that won't
escape it, such as user input.
Read about placeholders in perldoc DBI.
As for manually escaping your values, that's an SQL question, and you
should
read the documentation on your database for information on that.
Michael
--
Administrator www.shoebox.net
Programmer, System Administrator www.gallanttech.com
--
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
