Peter Mayr wrote:
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > -----Original Message-----
> > From: Boyd, David [mailto:[EMAIL PROTECTED]]
> > Sent: 23 October 2001 19:15
> > To: EmbPerl News Group (E-mail)
> > Subject: Help working with html, embper, and oracle
> >
> >
> > I am having the following problem.
> >
> > I have some textareas on my html page. the problems come in when
> > the user enter single and/or double quotes and carrage returns in
> > the text area, does
> > a save to the database. Then when the info is read back out of
> > the database
> > there is errors on the html page and nothing is displayed.
> >
> > i would like for the user to be able to enter single and double
> > quotes and carrage returns in these areas. basically save the
> > formatting.
> > ...
>
> Hi,
>
> I had the same problem with a MySQL database, however there is the
> DBI function quote which treats quotes in a way that correspondends
> to the database you selected in the database handler
>
> $dbh= DBI->connect ("dbi:oeracle........);
>
> $quotedstring=$dbh->quote($stringwithquotes);
>
>
> hava a nice day
>
> peter
There are better ways besides using quote. Look at any of the recent
Perl articles on DBI... but what it comes down to, is to use
placeholders. E.g.:
$dbh = ...;
$sql = "insert into content (data) values (?)";
$sth = $dbh->prepare($sql);
$sth->execute($fdat{textarea});
DBI will then properly quote and optimize the query as much as possible
for you. This works for any DBD driver, even if the underlying database
does not support it.
Long long ago, early in my perl days, I wrote a SQL querybuilder.
Version 1 did something like this:
$textarea = $CGI->param("textarea");
$textarea =~ s/\'/\\\'/;
to manually escape all the quotes. Ended up having to do something
similiar for other characters, such as % (wildcard) as well.
Version 2 did the quote thing:
$textarea = $dbh->quote($CGI->param("textarea"));
Many lines disappeared from the code when using placeholders.
--
Regards,
Wim Kerkhoff, Software Engineer
Merilus, Inc. -|- http://www.merilus.com
Email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
