* Hildegard Schedthelm <hilde.sch...@yahoo.de> [2009-10-22 20:50]:
> I have written:
>
> $db->Sql( "INSERT into results VALUES('" . $datum  . "','" . 
> encode("iso-8859-1", $headline) . "','" . $company . "','" . $message . "','" 
> . $content . "')" ) ;
>
> instead of
>
> $db->Sql( encode("iso-8859-1", "INSERT into results VALUES('" . $datum  . 
> "','" . $headline . "','" . $company . "','" . $message . "','" . $content . 
> "')") );
>
> Thanks for all the help!

Wow, that’s horrible. I mean, in several different ways.
I wouldn’t want to have to maintain such a codebase. Why would
you do this to yourself? May I suggest you use (a module that
allows you to use) placeholders instead, with a reasonable client
library for your database?

Even with just plain DBI, you could write something like

    $dbh->do(
        'INSERT into results VALUES (?,?,?,?,?)', {},
        $datum, $headline, $company, $message, $content,
    );

And then if you have actually declared the right charset in your
database schema and your DBD is competent, it would all just
work. You wouldn’t have to, and shouldn’t, worry about the
encoding of the data in the queries at all. Because that’s just
crazy.

And if you add DBIx::Simple to that, you’d merely say

    $db->query(
        'INSERT INTO results VALUES (??)',
        $datum, $headline, $company, $message, $content,
    );

Even better, if you use its SQL::Interp integration you can write

    $db->iquery( 'INSERT INTO results', {
        datum    => $datum,
        headline => $headline,
        company  => $company,
        message  => $message,
        content  => $content,
    } );

which is redundant, but has the added advantage that SQL::Interp
will automatically produce something like `INSERT INTO results
(datum, headline, company, message, content)` and match up the
`VALUES()` part and order of parameters without any effort on
your part, so that the order of the columns in the database
schema doesn’t matter – the query will always work, and will
continue to work in the face of changes to either the query or
the schema.

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>
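
Added example, not part of the original message: the concatenated insert from the quoted text and the placeholder form from the reply, run against the same row, which contains an apostrophe and non-ASCII characters. It assumes DBD::SQLite is installed; the in-memory database, the table definition and the sample values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use utf8;
use DBI;

binmode STDOUT, ':encoding(UTF-8)';

# Assumption: DBD::SQLite is available; an in-memory database stands in for the real one.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, sqlite_unicode => 1 } );

# Assumed schema: five text columns, in the order the original INSERT uses.
$dbh->do( 'CREATE TABLE results '
        . '(datum TEXT, headline TEXT, company TEXT, message TEXT, content TEXT)' );

# Constructed sample row: an apostrophe and non-ASCII characters in the data.
my @row = ( '2009-10-22', "Müller's Zahlen", 'Beispiel AG',
            'Quartalsbericht', 'Größe: 5 µm' );

# 1. String concatenation, as in the quoted message. The apostrophe in the
#    headline closes the SQL string literal early, so the data alters the
#    structure of the statement and the insert fails.
my $sql = "INSERT INTO results VALUES('" . join( "','", @row ) . "')";
my $ok  = eval { $dbh->do($sql); 1 };
print 'concatenated: ', ( $ok ? 'inserted' : "rejected ($@)" ), "\n";

# 2. Placeholders with an explicit column list. The values travel separately
#    from the SQL text, so quotes and encoding need no manual handling.
$dbh->do(
    'INSERT INTO results (datum, headline, company, message, content) '
  . 'VALUES (?,?,?,?,?)',
    {}, @row,
);

# Read the row back and compare it with what was sent.
my @stored = $dbh->selectrow_array(
    'SELECT datum, headline, company, message, content FROM results '
  . 'WHERE datum = ?',
    {}, $row[0],
);
my $same = @stored == @row && !grep { $stored[$_] ne $row[$_] } 0 .. $#row;
print 'placeholders: ', ( $same ? 'round-trip ok' : 'mismatch' ), "\n";

$dbh->disconnect;
```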
