That's an easy one that's been answered many times on this list.
IMHO, use placeholders - read the excellent documentation included
with the Perl DBI module by doing

   perldoc DBI

at a command prompt, and search for "placeholder".  Using placeholders
takes care of all quoting issues, and it can improve performance.  But
it's worth it even if you only use it for quoting.

HTH.

-- 
Hardy Merrill
Senior Software Engineer
Red Hat, Inc.

[EMAIL PROTECTED] [[EMAIL PROTECTED]] wrote:
> 
> I have a Web application that has a textarea field where a user can type a
> message and then the message will be stored in the database. Here is the
> code for the insert:
> 
> insert into alerts (alrt, ncmp, suno, mess, prty, spst, dnst, crea, cdat)
> values ('$max_alert', '$company','$supplier', '$message', '$priority', '2',
> '2', '$userid', SYSDATE)
> 
> This works fine unless there is a single quote in the message, which
> obviously is a big problem since I cannot restrict my users to not enter
> quotes into their text message. How can I avoid having this issue?
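
The placeholder approach recommended in the reply, applied to the insert from the question, as an added example that is not part of the original thread. It assumes DBD::SQLite is installed and uses an in-memory SQLite table in place of the poster's Oracle schema (so CURRENT_TIMESTAMP replaces SYSDATE); the column types and sample values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) stands in for the poster's Oracle
# database so this runs offline; on Oracle keep SYSDATE instead of CURRENT_TIMESTAMP.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed schema: column names from the question, types assumed.
$dbh->do(q{
    CREATE TABLE alerts (alrt INTEGER, ncmp TEXT, suno TEXT, mess TEXT,
                         prty TEXT, spst TEXT, dnst TEXT, crea TEXT, cdat TEXT)
});

# One ? per user-supplied value; the constants stay in the SQL text.
# Preparing once and executing many times is where the performance gain comes from.
my $sth = $dbh->prepare(q{
    INSERT INTO alerts (alrt, ncmp, suno, mess, prty, spst, dnst, crea, cdat)
    VALUES (?, ?, ?, ?, ?, '2', '2', ?, CURRENT_TIMESTAMP)
});

# Constructed sample messages containing the single quotes that broke the
# string-interpolated insert.
my @messages = (
    "Supplier can't deliver before Friday",
    "Note from O'Neil: 'ship it'; ETA unknown",
);

my $max_alert = 1;
for my $message (@messages) {
    # Bound values are passed to the driver as data, so no manual quoting is needed.
    $sth->execute($max_alert++, 'ACME', 'S-100', $message, '1', 'jdoe');
}

# Read back and confirm each message was stored exactly as typed.
my $rows = $dbh->selectall_arrayref(
    'SELECT alrt, mess, crea FROM alerts ORDER BY alrt');
for my $i (0 .. $#messages) {
    my ($alrt, $mess, $crea) = @{ $rows->[$i] };
    die "message $alrt was altered\n" unless $mess eq $messages[$i];
    die "crea column was altered\n"   unless $crea eq 'jdoe';
    print "alert $alrt stored intact: $mess\n";
}
$dbh->disconnect;
```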
