Thanks and sorry for the late reply Hardy..

I tried using qq{} instead of " and the same thing is happening.
As for the where clause, you're right there should be one there - I was just
showing an example of how I was doing the placeholder, the real statement
would have been too much text :)..

If you or anyone else has any other ideas please pass them along..

Thanks
-Chris


>> -----Original Message-----
>> From: Hardy Merrill [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, December 17, 2002 9:29 AM
>> To: Chris Faust
>> Cc: DBI
>> Subject: Re: Inserting DoubleQuotes using Placeholders
>>
>>
>> Not sure if this is the answer, but it might be - see below.
>>
>> Chris Faust [[EMAIL PROTECTED]] wrote:
>> > Hello All,
>> >
>> > This may not be a DBI problem, but I haven't been able to turn up any
>> > good info so I'm giving the list a shot..
>> >
>> > The problem is with double quotes, in short I have a HTML form text box to
>> > take a user inputted description which gets saved into a mySql table into
>> > the following field.
>> >
>> > | Field               | Type         | Null | Key | Default | Extra          |
>> > +---------------------+--------------+------+-----+---------+----------------+
>> > | ListingDescription  | text         | YES  |     | NULL    |                |
>> >
>> > The problem is if a user uses double quotes within that description then
>> > everything from the first double quote until the end is wiped out
>> > (everything else is inserted or updated)..
>> >
>> > I am using placeholders and I thought that this was the exact reason to use
>> > them (so there are no quoting issues), for example
>> >
>> > $sth = $db->prepare("Update table set ListingDescription = ?")
>>
>> Instead of bounding your prepare with double quotes, try using
>> qq instead, like this:
>>
>>   $sth = $db->prepare(qq{
>>      update table
>>         set ListingDescription = ?
>>   }) || die "Error with prepare: $DBI::errstr";
>>
>> Since there aren't any variables being interpolated within the
>> sql, you could even substitute a "q" for the "qq".
>>
>> And, aren't you missing a WHERE clause in that update?
>>
>> HTH.
>>
>> --
>> Hardy Merrill
>> Senior Software Engineer
>> Red Hat, Inc.
>>
>> > $sth->execute($form_value{'description'}).
>> >
>> > Should I just do a search and replace on that val and escape any double
>> > quotes?
>> > ($val =~ s/"/\\"/g)
>> > Or is there something I'm missing?
>> >
>> > I guess I need to go back now and start testing things like single quotes
>> > and whatnot to see if there are other problems with any other chars..
>> >
>> > Thanks in advance for any info.
>> > -Chris
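
Added example, not part of the thread or of either poster's code: a round-trip check that binds descriptions containing double quotes through a DBI placeholder and compares what comes back, next to the `s/"/\\"/g` pre-escaping floated in the question. Assumptions: DBD::SQLite is installed and an in-memory database stands in for the MySQL table, and the table name `listings` and the sample strings are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite stands in for the MySQL table so this runs offline.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Hypothetical table name; the column name is the one from the thread.
$dbh->do(q{CREATE TABLE listings (id INTEGER PRIMARY KEY, ListingDescription TEXT)});

my $ins = $dbh->prepare(q{INSERT INTO listings (id, ListingDescription) VALUES (?, ?)});
my $sel = $dbh->prepare(q{SELECT ListingDescription FROM listings WHERE id = ?});

# Store a value through the placeholder and read it straight back.
my $next_id = 0;
sub round_trip {
    my ($value) = @_;
    my $id = ++$next_id;
    $ins->execute($id, $value);
    $sel->execute($id);
    my ($stored) = $sel->fetchrow_array;
    $sel->finish;
    return $stored;
}

# Constructed sample inputs covering the characters raised in the thread.
my @samples = (
    q{A 19" monitor, "like new"},
    q{O'Brien's "vintage" desk},
    q{back\slash and "quote"},
    q{50% off; -- no quotes here},
);

for my $input (@samples) {
    # Case 1: bind the raw form value, no escaping of any kind.
    my $raw = round_trip($input);
    printf "%-4s bound as-is  : %s\n", ($raw eq $input ? "SAME" : "DIFF"), $raw;

    # Case 2: escape double quotes by hand first, then bind.
    (my $escaped = $input) =~ s/"/\\"/g;
    my $esc = round_trip($escaped);
    printf "%-4s escaped first: %s\n", ($esc eq $input ? "SAME" : "DIFF"), $esc;
}

$dbh->disconnect;
```

A bound value is stored byte for byte, so any backslashes added beforehand end up in the column as data. Running the same comparison against the real table, with the value logged just before `execute`, shows whether the text is already cut short before it reaches DBI.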

