> -----Original Message-----
> From: Rob Roudebush [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 10, 2002 9:08 PM
> To: [EMAIL PROTECTED]
> Subject: single quotes kill my scripts
> 
> 
> 
>  I have the following code  - when someone enters a whatever 
> ' whatever into one of my forms my script dies because of the 
> single quote. Arrrrggg... of course the first time I come 
> across it is when my boss is testing out the script.
>   $sth = $dbh->do( "insert into maintenance (owner, email, maintype,
> title, requested, engineer, ticket, impact, comm, dispo, dispodate,
> action, sponname, sponop, sponcp, sponp, conname, conop, concp, conp,
> partname, partop, partcp, partp, manname, manop, mancp, manp, dbaname,
> dbaop, dbacp, dbap, engname, engop, engcp, engp, mainname, mainop,
> maincp, mainp, process, rollback, closeout, datetime, purpose, risk,
> saname, saop, sacp, sap, total, pending, counting) values ('$owner',
> '@names', '$maintype', '$title', '$requested', '$engineer', '$ticket',
> '$impact', '$comm', '$dispo', '$dispodate', '$action', '$sponname',
> '$sponop', '$sponcp', '$sponp', '$conname', '$conop', '$concp', '$conp',
> '$partname', '$partop', '$partcp', '$partp', '$manname', '$manop',
> '$mancp', '$manp', '$dbaname', '$dbaop', '$dbacp', '$dbap', '$engname',
> '$engop', '$engcp', '$engp', '$mainname', '$mainop', '$maincp',
> '$mainp', '$process', '$rollback', '$closeout', '$datetime', '$purpose',
> '$risk', '$saname', '$saop', '$sacp', '$sap', '$total', '$pending',
> '$counting')");

Two options:

1. Pass your variables through $dbh->quote().

2. Use placeholders and prepare/execute.

perldoc DBI

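The two options from the reply, side by side with the failing interpolated insert, as an added example that is not part of the original thread. It assumes DBD::SQLite is installed and uses an in-memory database, a constructed three-column cut of the maintenance table, and constructed form values.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database stands in for
# the real one, and the table is a constructed three-column cut of "maintenance".
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do("CREATE TABLE maintenance (owner TEXT, title TEXT, purpose TEXT)");

# Constructed form input containing single quotes.
my ($owner, $title, $purpose) = ("O'Brien", "Router swap", "Replace boss's switch");

# As in the question: values interpolated into the SQL text. The quote inside
# $owner ends the string literal early, so the statement no longer parses.
my $ok = eval {
    $dbh->do("INSERT INTO maintenance (owner, title, purpose)
              VALUES ('$owner', '$title', '$purpose')");
    1;
};
print "interpolated: ", ($ok ? "ok\n" : "failed: $@");

# Option 1: $dbh->quote() escapes each value for this driver and adds the
# surrounding quotes itself, so the SQL text carries no quotes of its own.
my $sql = sprintf "INSERT INTO maintenance (owner, title, purpose) VALUES (%s, %s, %s)",
    map { $dbh->quote($_) } $owner, $title, $purpose;
$dbh->do($sql);

# Option 2: placeholders. The values are bound separately from the SQL text,
# and the prepared handle can be reused for every row.
my $sth = $dbh->prepare(
    "INSERT INTO maintenance (owner, title, purpose) VALUES (?, ?, ?)");
$sth->execute($owner, $title, $purpose);

# For a long column list, generate the placeholders from the column names.
# The names are fixed in the code here; only the values come from the form.
my @cols = qw(owner title purpose);
my %form = (owner => "D'Angelo", title => "Patch", purpose => "It's due");
my $ins  = sprintf "INSERT INTO maintenance (%s) VALUES (%s)",
    join(", ", @cols), join(", ", ("?") x @cols);
$dbh->do($ins, undef, @form{@cols});

my $rows = $dbh->selectall_arrayref("SELECT owner, purpose FROM maintenance");
print join(" | ", @$_), "\n" for @$rows;
$dbh->disconnect;
```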