OK.
> > better $sth = ( "INSERT INTO bearbeiter (funktionID, redakteurID) VALUES
> > ('$funktionID', '$redakteurID')" );
> >        $dbh->do($sth) or die "Copy mistake ($sth)";
> 
> And that will break when presented with a $funktionID or $redakturID value
> containing quotes, etc, so in general, you would be better off building the
> statement using $dbh->quote($funktionID) to protect yourself from nasty
> people who type q{ ','a');delete from bearbeiter; -- } into $funktionID.
What about this one:

my $sth = qq[INSERT INTO bearbeiter (funktionID,redakteurID)
VALUES(\'$funktionID\', \'$redakteurID\')];


--      
Andreas Schmitz www.medialsoft.de
 _ _  _  _ ° _     _ _  _ _
| | ||_ | \|| || _| (_)|- |
| | ||_ |_/||-||__
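
An added example, not part of the original thread: it checks whether the `\'` spelling inside `qq[]` changes the statement that gets built, then inserts the same value with `$dbh->quote()` as suggested in the quoted reply. It goes one step further than the thread by also using DBI placeholders. Assumptions: DBD::SQLite is installed, an in-memory database stands in for the real one, and the column types and the `$redakteurID` value are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; the real driver and schema are not on the page.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE bearbeiter (funktionID TEXT, redakteurID TEXT)');

# Constructed input: the hostile value quoted in the thread, plus a made-up ID.
my $funktionID  = q{ ','a');delete from bearbeiter; -- };
my $redakteurID = '7';

# 1. Inside qq[] the sequence \' is just a single quote, so the "escaped"
#    spelling builds exactly the same string as plain interpolation.
my $plain   = "INSERT INTO bearbeiter (funktionID, redakteurID) VALUES ('$funktionID', '$redakteurID')";
my $escaped = qq[INSERT INTO bearbeiter (funktionID, redakteurID) VALUES (\'$funktionID\', \'$redakteurID\')];
print "same statement either way: ", ($plain eq $escaped ? "yes" : "no"), "\n";
print "statement as built (not executed): $escaped\n";

# 2. $dbh->quote() escapes quotes inside the value and supplies the outer
#    quotes itself, so the SQL text must not add its own.
my $quoted_sql = sprintf
    'INSERT INTO bearbeiter (funktionID, redakteurID) VALUES (%s, %s)',
    $dbh->quote($funktionID), $dbh->quote($redakteurID);
$dbh->do($quoted_sql);

# 3. Placeholders: the values travel separately from the SQL text, so no
#    quoting decisions are left to the caller.
my $sth = $dbh->prepare(
    'INSERT INTO bearbeiter (funktionID, redakteurID) VALUES (?, ?)');
$sth->execute($funktionID, $redakteurID);

# Both inserts stored the hostile text as ordinary column data.
my $rows = $dbh->selectall_arrayref(
    'SELECT funktionID, redakteurID FROM bearbeiter');
print "stored: [$_->[0]] [$_->[1]]\n" for @$rows;
print "row count: ", scalar(@$rows), "\n";

$dbh->disconnect;
```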
