From: "Mumia W." <[EMAIL PROTECTED]>
> On 06/11/2007 06:52 PM, Northstardomus wrote:
> > [...]
> >         print "<br/>Inserting into Database , @values.";
> 
> Use the "quotemeta" function to escape special characters
> that may be in the values.

Please don't!
 
>       my @values_copy = @values;
>       @values = map quotemeta($_), @values;
> 
> 
> >         $dbh->do("INSERT INTO area_status (areaID, survey_date,
> > update_time,
> > 
> > status ) VALUES ('$values[0]', '$values[1]', '$values[2]',
> > '$values[3]')");
> >         $dbh->disconnect();
> >     }
> > }
> > 
> > 
> 
> Read "perldoc -f quotemeta"

Please do!

quotemeta() should NOT be used to escape data for the database. 
It was not designed for that and it knows nothing about your 
database. So it will most likely escape too much (it doesn't look too 
professional to display the text with backslashes scattered 
everywhere) and/or it may escape something in a different way than 
the database expects.

Either use the DATABASE SPECIFIC $dbh->quote() or even better use 
$dbh->prepare() and placeholders. That's by far the safest and most 
efficient solution.

Jenda
===== [EMAIL PROTECTED] === http://Jenda.Krynicky.cz =====
When it comes to wine, women and song, wizards are allowed 
to get drunk and croon as much as they like.
        -- Terry Pratchett in Sourcery
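
The difference between the three approaches in this message, as an added example that is not part of the original post: it prints what quotemeta() does to a constructed row, what the driver's own $dbh->quote() produces, and then inserts the row with prepare() and placeholders. It assumes DBD::SQLite is installed and uses an in-memory database in place of the poster's real one; the sample values are made up.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in
# for the poster's real database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do(q{CREATE TABLE area_status
           (areaID TEXT, survey_date TEXT, update_time TEXT, status TEXT)});

# Constructed sample row containing punctuation and single quotes.
my @values = ('A-12', '2007-06-11', '18:52', "closed (O'Brien's crew)");

# quotemeta() puts a backslash before every ASCII character that is not a
# letter, digit or underscore. It is a regex helper and knows nothing
# about SQL string syntax.
print "quotemeta:   $_\n" for map { quotemeta } @values;

# Database-specific quoting: the driver decides how the literal is escaped.
print "dbh->quote:  ", $dbh->quote($values[3]), "\n";

# Preferred: prepare once with placeholders and bind the values at execute
# time, so the data never becomes part of the SQL text.
my $sth = $dbh->prepare(q{
    INSERT INTO area_status (areaID, survey_date, update_time, status)
    VALUES (?, ?, ?, ?)
});
$sth->execute(@values);

# Read the row back and confirm it is exactly what was passed in.
my @row = $dbh->selectrow_array(
    'SELECT areaID, survey_date, update_time, status FROM area_status');
print "stored:      @row\n";
die "round-trip mismatch\n" unless "@row" eq "@values";

$dbh->disconnect;
```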

