On Wed, 23 Oct 2002 08:06:42 -0400 Christopher G Tantalo <[EMAIL PROTECTED]> wrote:
> > what about this one?
> >
> > my $max_alert = param("max_alert");
> > $max_alert =~ s/(['"])/$1$1/g;
> >
> > my $sth = qq[insert into alerts (alrt, ncmp, suno, mess, prty, spst,
> > dnst, crea, cdat) values (\'$max_alert'\, \'$company'\, \'$supplier'\,
> > \'$message'\, \'$priority'\, \'2'\, \'2'\, \'$userid'\, SYSDATE)]

Each database type has different rules for quote escaping. That's why DBI
defines $dbh->quote(). It's also why I keep pushing placeholders.

> /me pukes.
> how ugly. it was mentioned before a simple quote call will do the
> trick.. this should work
>
> $sth = $dbh->prepare("insert into alerts (alrt) values(?)")
> or die "Cant prepare SQL statement: $DBI::errstr\n";
> $sth->bind_param(1,$dbh->quote($sr));
> $sth->execute()
> or die "Cant Execute SQL statement: $DBI::errstr\n";

Quote()ing and placeholders are mutually exclusive. In Oracle, you would
have just inserted two quote characters for each single one in $sr.

--
Mac :})
** I normally forward private questions to the appropriate mail list. **
Ask Smarter: http://www.tuxedo.org/~esr/faqs/smart-questions.html
Give a hobbit a fish and he eats fish for a day.
Give a hobbit a ring and he eats fish for an age.
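
Added example, not part of the original message: a runnable comparison of the three ways of getting `$sr` into the `alerts` table discussed in this thread, showing what ends up stored when `quote()` and a placeholder are combined. It assumes an in-memory SQLite database through DBD::SQLite in place of Oracle, a cut-down `alerts` table, and a constructed sample value.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) stands in for the Oracle
# database in the thread; the table is reduced to the one column that matters.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE alerts (id INTEGER PRIMARY KEY, alrt TEXT)");

# Constructed sample input containing single quotes.
my $sr = "O'Brien's alert";

my $sth = $dbh->prepare("INSERT INTO alerts (alrt) VALUES (?)");

# 1. quote() AND a placeholder: the value is escaped once by quote(),
#    then sent as pure data, so the escaping itself is stored.
$sth->bind_param(1, $dbh->quote($sr));
$sth->execute();

# 2. Placeholder alone: the driver passes the value as data, never as
#    SQL text, so no escaping is needed or wanted.
$sth->bind_param(1, $sr);
$sth->execute();

# 3. quote() alone: the escaped literal is interpolated into the SQL text
#    and the database parser undoes the escaping.
$dbh->do("INSERT INTO alerts (alrt) VALUES (" . $dbh->quote($sr) . ")");

# Read the rows back and compare each with the original input.
my @labels = ("quote() + placeholder", "placeholder only", "quote() only");
my $rows = $dbh->selectcol_arrayref("SELECT alrt FROM alerts ORDER BY id");

for my $i (0 .. $#$rows) {
    my $verdict = $rows->[$i] eq $sr ? "intact" : "ALTERED";
    printf "%-22s %-8s [%s]\n", $labels[$i], $verdict, $rows->[$i];
}

$dbh->disconnect;
```

Only the first row differs from the input: it carries the surrounding quote delimiters and the doubled quote characters as literal data.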