On Jun 25, 3:19 pm, [EMAIL PROTECTED] (Ricky Zhou) wrote:
> Greg Jetter wrote:
> > my $query = "insert into tablename
> > (atablenaem1,atablename2,atablename3)VALUES($SubjPerform,$somthing2,
> > $somthing3)";
> >
> > # insert stuff in the db
> >
> > $dbh->do($query) or die "$DBI::errstr";
>
> To prevent SQL injection, etc., it's strongly recommended that you use
> placeholders, which will automatically escape user-provided input for you.
>
> my $query = "insert into tablename (atablenaem1,atablename2,atablename3)
> values (?, ?, ?)";
> # do() takes the statement, an attribute hash ref (undef here), then the bind values
> $dbh->do($query, undef, $SubjPerform, $somthing2, $somthing3) or die
> "$DBI::errstr";
>
> See http://search.cpan.org/~timb/DBI-1.57/DBI.pm#Placeholders_and_Bind_Va...
> for details.
>
> Hope this helps,
> Ricky

One more quick question... does it matter if I have the "names" from the form (i.e. group title of synregime for values of ET, AT, RI, FLT, CUT) or do I just input the values and MySQL puts them in the right group according to the value name? That could be where I'm going wrong.

Thanks!!
Shad
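
Added example, not part of the original thread: a placeholder insert in which each column is paired explicitly with a form field, showing that bound values land in columns by their position in the column list, not by the form field's name. Assumptions: an in-memory DBD::SQLite database so it runs offline (the thread uses MySQL), and the table `performance`, its columns and the `notes` field are hypothetical.

```perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite so the example runs offline; with MySQL
# only the connect string changes.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });

# Hypothetical table and column names.
$dbh->do("CREATE TABLE performance (subject TEXT, synregime TEXT, notes TEXT)");

# Constructed sample form input: field name => submitted value.
my %form = (
    SubjPerform => "O'Brien",                          # quote breaks interpolated SQL
    synregime   => "ET",
    notes       => "x'); DROP TABLE performance; --",  # stored as data when bound
);

# Column => form field pairs, fixed in code. Identifiers cannot be bound
# with placeholders, so column names never come from the request.
my @map = (
    [ subject   => 'SubjPerform' ],
    [ synregime => 'synregime'   ],
    [ notes     => 'notes'       ],
);

# The radio group has a closed set of values, so check it before storing.
my %allowed_regime = map { $_ => 1 } qw(ET AT RI FLT CUT);
die "unexpected synregime value\n"
    unless $allowed_regime{ $form{synregime} // '' };

my $cols  = join ", ", map { $_->[0] } @map;
my $marks = join ", ", ("?") x @map;
my @binds = map { $form{ $_->[1] } } @map;   # same order as $cols

my $sth = $dbh->prepare("INSERT INTO performance ($cols) VALUES ($marks)");
$sth->execute(@binds);

# Read the row back: the values are stored verbatim and the table still exists.
my $rows = $dbh->selectall_arrayref(
    "SELECT subject, synregime, notes FROM performance");
printf "%s | %s | %s\n", @$_ for @$rows;

my ($count) = $dbh->selectrow_array("SELECT COUNT(*) FROM performance");
print "rows: $count\n";

$dbh->disconnect;
```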