Andreas Schmitz wrote:
> what about this one?
>
> my $max_alert = param("max_alert");
> $max_alert =~ s/(['"])/$1$1/g;
>
> my $sth = qq[insert into alerts (alrt, ncmp, suno, mess, prty, spst,
> dnst, crea, cdat) values (\'$max_alert'\, \'$company'\, \'$supplier'\,
> \'$message'\, \'$priority'\, \'2'\, \'2'\, \'$userid'\, SYSDATE)];
>
> --
> Andreas Schmitz
/me pukes.
How ugly. It was mentioned before: a simple quote call will do the trick. This
should work:
$sth = $dbh->prepare("insert into alerts (alrt) values(?)")
    or die "Can't prepare SQL statement: $DBI::errstr\n";
# bind the raw value: the placeholder handles the quoting
$sth->bind_param(1, $sr);
$sth->execute()
    or die "Can't execute SQL statement: $DBI::errstr\n";
chris
--
-------------------------------
Just Your Friendly Neighborhood
_SPIDEY_
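
An added example, not code from either poster, comparing the escaping approaches in this thread on one input: the hand-rolled `s/(['"])/$1$1/g`, a placeholder, `$dbh->quote()` interpolated into the SQL text, and `quote()` combined with a placeholder. It assumes DBD::SQLite is installed and uses an in-memory database in place of the thread's database; only the `alrt` column is modelled and the input string is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; the in-memory table stands in for
# the alerts table of the thread, reduced to the alrt column.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do("create table alerts (id integer primary key, alrt text)");

# Constructed sample input containing both quote characters.
my $max_alert = q{O'Brien said "stop"};

# 1. Hand-rolled escaping from the quoted message: doubling " as well as '
#    alters the data, because "" is not an escape inside a '...' literal.
(my $manual = $max_alert) =~ s/(['"])/$1$1/g;
$dbh->do("insert into alerts (alrt) values ('$manual')");

# 2. Placeholder only: the value travels as data, never as SQL text.
my $sth = $dbh->prepare("insert into alerts (alrt) values (?)");
$sth->bind_param(1, $max_alert);
$sth->execute();

# 3. quote() only: the value is escaped and wrapped in quotes, then
#    interpolated into the statement text.
$dbh->do("insert into alerts (alrt) values (" . $dbh->quote($max_alert) . ")");

# 4. quote() plus placeholder: the already-quoted literal is bound as data,
#    so the added quote characters are stored in the column.
$sth->bind_param(1, $dbh->quote($max_alert));
$sth->execute();

# Compare every stored value with the original input.
my @label = ("manual doubling", "placeholder",
             "quote() in SQL text", "quote() + placeholder");
my $rows = $dbh->selectcol_arrayref("select alrt from alerts order by id");
for my $i (0 .. $#$rows) {
    printf "%-22s %-28s %s\n", $label[$i], $rows->[$i],
        ($rows->[$i] eq $max_alert ? "intact" : "ALTERED");
}
$dbh->disconnect;
```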