Rob Roudebush wrote at Tue, 11 Jun 2002 03:07:44 +0200:
> I have the following code - when someone enters a whatever ' whatever into one of
>my forms my
> script dies because of the single quote. Arrrrggg... of course the first time I
>come across it is
> when my boss is testing out the script.
Your script would be better to read with a here document and
the typical style for SQL statements (keys words uppercase):
> $sth = $dbh->do( "insert into maintenance (owner, email, maintype, title,
>requested, engineer,
> ticket, impact, comm,
> dispo, dispodate, action, sponname, sponop, sponcp, sponp, conname, conop, concp,
>conp, partname,
> partop, partcp, partp, manname, manop, mancp, manp, dbaname, dbaop, dbacp, dbap,
>engname, engop,
> engcp, engp, mainname, mainop, maincp, mainp, process, rollback, closeout, datetime,
>purpose,
> risk, saname, saop, sacp, sap, total, pending, counting) values ('$owner', '@names',
>'$maintype',
^^^^^^
You're sure that the email
is an array
of names ?
> '$title', '$requested', '$engineer', '$ticket', '$impact', '$comm', '$dispo', '$d
>ispodate',
> '$action', '$sponname', '$sponop', '$sponcp', '$sponp', '$conname', '$conop',
>'$concp', '$conp',
> '$partnam e', '$partop', '$partcp', '$partp', '$manname', '$manop', '$mancp',
>'$manp', '$dbaname',
> '$dbaop', '$dbacp', '$dbap',
> '$engname', '$engop', '$engcp', '$engp', '$mainname', '$mainop', '$maincp',
>'$mainp', '$process',
> '$rollback', '$clo
> seout', '$datetime', '$purpose', '$risk', '$saname', '$saop', '$sacp', '$sap',
>'$total',
> '$pending', '$counting')");
>
And here's a little more beautiful form.
my @fields = qw(
owner, email, maintype, title, requested, engineer,
ticket, impact, comm, dispo, dispodate, action,
sponname, sponop, sponcp, sponp, conname, conop,
concp, conp, partname, partop, partcp, partp,
manname, manop, mancp, manp, dbaname, dbaop,
dbacp, dbap, engname, engop, engcp, engp,
mainname, mainop, maincp, mainp, process, rollback,
closeout, datetime, purpose, risk, saname, saop,
sacp, sap, total, pending, counting)
);
my @values = join "," => map {"'$_'"} (
$owner, "@names", $maintype, $title, $requested, $engineer,
$ticket, $impact, $comm, $dispo, $dispodate, $action,
$sponname, $sponop, $sponcp, $sponp, $conname, $conop,
$concp, $conp, $partname, $partop, $partcp, $partp,
$manname, $manop, $mancp, $manp, $dbaname, $dbaop,
$dbacp, $dbap, $engname, $engop, $engcp, $engp,
$mainname, $mainop, $maincp, $mainp, $process, $rollback,
$closeout, $datetime, $purpose, $risk, $saname, $saop,
$sacp, $sap, $total, $pending, $counting
);
$sth = $dbh->do "INSERT INTO Maintenance @fields VALUES (@values)";
Without the strange behaviour of email => @names you also would have written:
no strict 'refs';
my @values = join "," => map {"'${$_}'"} @fields;
use strict 'refs';
If any of your data contains a ' so you should quote it:
my @values = join "," => map {"'$_'"} map { $dbh->quote } @fields;
Best Wishes,
Janek
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
