Andreas-Schmitz wrote:
> my $dbh = DBI->connect($dsn, $user, $passwort,{RaiseError => 1});
>
>
> > $dbh->do("INSERT INTO bearbeiter (funktionID, redakteurID) ".
> > "VALUES ('$funktionID', '$redakteurID')");
>
> better $sth = ( "INSERT INTO bearbeiter (funktionID, redakteurID) VALUES
> ('$funktionID', '$redakteurID')" );
> $dbh->do($sth) or die "Copy mistake ($sth)";
And that will break when presented with a $funktionID or $redakteurID value
containing quotes, etc., so in general, you would be better off building the
statement using $dbh->quote($funktionID) to protect yourself from nasty
people who type q{ ','a');delete from bearbeiter; -- } into $funktionID.
--
Jonathan Leffler ([EMAIL PROTECTED], [EMAIL PROTECTED])
Guardian of DBD::Informix 1.00.PC1 -- see http://www.cpan.org/
#include <disclaimer.h>
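
The difference described in the reply above, as an added example that is not part of the original thread. It assumes DBD::SQLite is installed and uses an in-memory database in place of the poster's own; the placeholder form in step 3 goes beyond the message's $dbh->quote() advice and uses DBI's standard bind values.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) stands in for the poster's database.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "", { RaiseError => 1 });
$dbh->do("CREATE TABLE bearbeiter (funktionID TEXT, redakteurID TEXT)");
$dbh->do("INSERT INTO bearbeiter VALUES ('1', '1')");   # constructed pre-existing row

# Constructed input: the hostile value quoted in the message above.
my $funktionID  = q{ ','a');delete from bearbeiter; -- };
my $redakteurID = '42';

# 1. Interpolation: built but NOT executed, printed only to show where the
#    string literal ends and a second statement begins.
my $unsafe = "INSERT INTO bearbeiter (funktionID, redakteurID) "
           . "VALUES ('$funktionID', '$redakteurID')";
print "interpolated: $unsafe\n";

# 2. $dbh->quote() adds the surrounding quotes and escapes embedded ones,
#    so the whole value stays a single string literal.
my $quoted = sprintf "INSERT INTO bearbeiter (funktionID, redakteurID) VALUES (%s, %s)",
    $dbh->quote($funktionID), $dbh->quote($redakteurID);
print "quoted:       $quoted\n";
$dbh->do($quoted);

# 3. Placeholders: the values are bound separately from the SQL text.
$dbh->do("INSERT INTO bearbeiter (funktionID, redakteurID) VALUES (?, ?)",
         undef, $funktionID, $redakteurID);

# Check: the original row survives and both inserts stored the input verbatim.
my ($total) = $dbh->selectrow_array("SELECT COUNT(*) FROM bearbeiter");
my ($exact) = $dbh->selectrow_array(
    "SELECT COUNT(*) FROM bearbeiter WHERE funktionID = ?", undef, $funktionID);
die "unexpected table state: total=$total exact=$exact\n"
    unless $total == 3 && $exact == 2;
print "rows in table: $total, rows holding the raw input: $exact\n";
$dbh->disconnect;
```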