> > Hi Rodney, thanks very much for your reply. I'm trying it now, but I'm doing
> > something wrong. Here's what I have, could you take a look at it?
> > 
> > #parse query string and enter into database if query string exists
> > 
> > my $authors = $query{'authors'};
> > my $title = $query{'title'};
> > my $year = $query{'year'};
> > my $source = $query{'source'};
> > my $topic = $query{'topic'};
> > my $purpose = $query{'purpose'};
> > my $sample = $query{'sample'};
> > my $gmc = $query{'gmc'};
> > my $process = $query{'process'};
> > my $outcome = $query{'outcome'};
> > my $rater = $query{'rater'};
> > my $results = $query{'results'};
> > my $refs = $query{'refs'};
> > my $notes = $query{'notes'};
> > my $therapy = $query{'therapy'};
> > my $analysis = $query{'analysis'};
> > my $critique = $query{'critique'};
> > my $getcopy = $query{'getcopy'};
> > my $id = $query{'id'};
> > 
> > 
> > #make sure all single quotes are escaped
> > 
> > $q_authors = $dbh->quote($authors);
> > $q_title = $dbh->quote($title);
> > $q_year = $dbh->quote($year);
> > $q_source = $dbh->quote($source);
> > $q_topic = $dbh->quote($topic);
> > $q_purpose = $dbh->quote($purpose);
> > $q_sample = $dbh->quote($sample);
> > $q_gmc = $dbh->quote($gmc);
> > $q_process = $dbh->quote($process);
> > $q_outcome = $dbh->quote($outcome);
> > $q_rater = $dbh->quote($rater);
> > $q_results = $dbh->quote($results);
> > $q_refs = $dbh->quote($refs);
> > $q_notes = $dbh->quote($notes);
> > $q_therapy = $dbh->quote($therapy);
> > $q_analysis = $dbh->quote($analysis);
> > $q_critique = $dbh->quote($critique);
> > $q_getcopy = $dbh->quote($getcopy);
> > 
> > 
> > #update entry form into the database
> > 
> > $sth = $dbh->prepare( "UPDATE tbl_sarah SET authors = '$authors', title =
> > '$title', year = '$year', source = '$source', topic = '$topic', purpose =
> > '$purpose', sample = '$sample', gmc = '$gmc', process = '$process', outcome
> > = '$outcome', rater = '$rater', results = '$results', refs = '$refs', notes
> > = '$notes', therapy = '$therapy', analysis = '$analysis', critique =
> > '$critique', getcopy = '$getcopy' WHERE id = '$id'" );  
> > $sth->execute();
> > 
> > --I've put single quotes and also tried no quotes around the variables in
> > the SQL statement; neither worked.
> > 
The solution is simple: put the bind variables in '$sth->execute'
and they will automagically be quoted, like so:

$sth = $dbh->prepare("UPDATE tbl_sarah SET authors = ?, title = ? WHERE
id = ?");
$sth->execute($authors, $title, $id);

Use one variable per placeholder '?'. No need to use single quotes in the
SQL statement. For more info, read the DBI documentation.

You wouldn't need all those '$q_var = $dbh->quote($var)' lines at the top
either.

> > Thanks again,
> > Omri

Mike
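
The following is an added example, not code from Omri's or Mike's messages. It
generalizes Mike's two-column answer to all of the columns in Omri's UPDATE by
building one '?' per column from a fixed list, and puts it side by side with
the interpolated version so the difference is visible on two constructed
inputs: a value containing an apostrophe (O'Reilly) and a value that smuggles
in an extra assignment. Assumptions: DBD::SQLite is installed, an in-memory
database with a stand-in tbl_sarah replaces the real one, and the %apostrophe
and %hostile hashes are made-up form input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite stands in for the real database (assumes DBD::SQLite).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# The updatable columns are fixed in code. Placeholders bind values, not
# identifiers, so column names must never be taken from the request.
my @columns = qw(authors title year source topic purpose sample gmc process
                 outcome rater results refs notes therapy analysis critique getcopy);

# Stand-in for tbl_sarah with one seeded row.
$dbh->do("CREATE TABLE tbl_sarah (id INTEGER PRIMARY KEY, "
       . join(", ", map { "$_ TEXT" } @columns) . ")");
$dbh->do("INSERT INTO tbl_sarah (id, authors, title, rater) "
       . "VALUES (1, 'Smith', 'Old title', 'alice')");

# Parameterised update: one '?' per column, values passed to execute(),
# no $dbh->quote() and no quotes in the SQL text.
sub update_row {
    my ($dbh, $id, $query) = @_;
    my $sql = "UPDATE tbl_sarah SET "
            . join(", ", map { "$_ = ?" } @columns)
            . " WHERE id = ?";
    my $sth = $dbh->prepare($sql);
    # Columns missing from the form are bound as NULL (undef).
    return $sth->execute((map { $query->{$_} } @columns), $id);
}

# The original pattern, for contrast: raw values interpolated into the SQL.
sub update_interpolated {
    my ($dbh, $id, $query) = @_;
    my $sql = "UPDATE tbl_sarah SET authors = '$query->{authors}', "
            . "title = '$query->{title}' WHERE id = '$id'";
    return eval { $dbh->do($sql); "ok" } // "error: $@";
}

sub fetch_row {
    my ($dbh, $id) = @_;
    return $dbh->selectrow_hashref(
        "SELECT authors, title, rater FROM tbl_sarah WHERE id = ?", undef, $id);
}

# Constructed form input (not real data).
my %apostrophe = (authors => "O'Reilly", title => "New title", rater => "alice");
my %hostile    = (authors => "Smith", title => "x', rater = 'attacker", rater => "alice");

# Interpolated: the quote in O'Reilly ends the string literal early.
printf "interpolated, apostrophe: %s\n", update_interpolated($dbh, 1, \%apostrophe);

# Interpolated: the extra "rater = 'attacker'" becomes part of the statement.
update_interpolated($dbh, 1, \%hostile);
printf "interpolated, hostile: rater = '%s'\n", fetch_row($dbh, 1)->{rater};

# Bound: the driver handles the apostrophe.
update_row($dbh, 1, \%apostrophe);
printf "bound, apostrophe: authors = '%s'\n", fetch_row($dbh, 1)->{authors};

# Bound: the hostile value is stored as a plain string in the title column.
update_row($dbh, 1, \%hostile);
my $row = fetch_row($dbh, 1);
printf "bound, hostile: title = '%s', rater = '%s'\n", $row->{title}, $row->{rater};

$dbh->disconnect;
```

Run it with DBD::SQLite available. The first interpolated call fails with a
syntax error because O'Reilly closes the quoted literal; the second succeeds
and changes the rater column, which the form never meant to touch. Both bound
calls store exactly the value they were given and leave rater alone. The
column list is the one thing a placeholder cannot protect, which is why it is a
literal list in the script rather than something read from the query string.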
