David Draley wrote:
>
> I have a perl form that records to a MySql database. Every time someone
> uses the form and enters “quoted text” in a text box or text area the record
> is not sent. Is there a way to allow “quoted text” to be processed? Any
> recommendations?
use placeholders. ie.-
$query = qq{insert into foo (bar, bat) values(?, ?)};
$dbh->do($query, undef, $formvalue1, $formvalue2);
this will insert a new record into foo with bar and bat values of
$formvalue1 and $formvalue2.
or, you could have
$query = qq{select foo from bar where bat=?};
$foo = $dbh->selectall_arrayref($query, undef, $formvalue);
here, we're selecting the foo field of all bar records where bat equals
the $formvalue.
using placeholders (the question marks), your data will automatically be
escaped. for more details, try reading perldoc DBI.
