Jasbinder Singh Bali wrote:


In my perl code, query is formed as follows:-

my $query_tbl_ul_received = $dbh->prepare("INSERT INTO tbl_ul_received
(unmask_id,seq_no,received_id,received_from,received_by,received_via,received_with,received_for,received_date_time,received_comments) VALUES (".$unmask_id.",".$count.",'".$id."','".$from_from."','".$by_domain."'',',".$with."','".$for."','".$date_time."','".$rcomm."')");


That is just horrible, to be honest. I have a very strong opinion that interpolating literal data values into SQL is to be avoided if at all possible. You should be doing something like this:

my $query_tbl_ul_received = $dbh->prepare("INSERT INTO tbl_ul_received
(unmask_id,seq_no,received_id,received_from,received_by,received_via,received_with,received_for,received_date_time,received_comments)
VALUES (?,?,?,?,?,?,?,?,?)");
# one ? per column and one bind value per ?, in column order; DBI dies if
# the bind count and placeholder count differ, and the server rejects a
# column count that differs from both (ten columns are named above but
# nine values are bound, so received_via still needs a value)
my $rv = $query_tbl_ul_received->execute($unmask_id,$count,$id,$from_from,$by_domain,$with,$for,$date_time,$rcomm);

Use numbered placeholders of the $n variety if you prefer (see DBD::Pg docs for details).

Quite apart from saving you all the tiresome bother of getting the quoting right, this saves you from the possibility of SQL injection attacks. See if doing this resolves your error. If not, at least we'll be better able to diagnose it with any luck.

cheers

andrew

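The two forms side by side, as an added example that is not from the thread or from either poster. It assumes DBD::SQLite with an in-memory database standing in for the original Postgres server, a constructed tbl_ul_received with the ten columns named in the INSERT, and constructed header values; the DSN is the only line that would change for DBD::Pg.

```perl
use strict;
use warnings;
use DBI;

# Added example, not from the thread. DBD::SQLite (in-memory) stands in for
# the original Postgres database; swap the DSN for "dbi:Pg:dbname=..." and
# nothing else changes, since '?' placeholders are portable across DBI drivers.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed schema with the ten columns named in the original INSERT.
$dbh->do(q{
    CREATE TABLE tbl_ul_received (
        unmask_id INTEGER, seq_no INTEGER, received_id TEXT,
        received_from TEXT, received_by TEXT, received_via TEXT,
        received_with TEXT, received_for TEXT, received_date_time TEXT,
        received_comments TEXT)
});

# Constructed values as they might come out of a parsed Received: header.
# The comment field holds an apostrophe, which is all it takes to break
# SQL that was built by string concatenation.
my @row = (42, 1, 'msg-001@example.org', 'mail.example.org', 'mx.example.net',
           'SMTP', 'ESMTP', '<bob@example.net>', '2007-01-01 12:00:00',
           "O'Brien's note");

# 1. Interpolating the values into the SQL text, as the original code did.
#    The unescaped quote makes the statement a syntax error, and a value
#    chosen by an attacker would instead become extra SQL.
my $interpolated = "INSERT INTO tbl_ul_received VALUES ("
    . $row[0] . "," . $row[1] . join("", map { ",'$_'" } @row[2..9]) . ")";
eval { $dbh->do($interpolated) };
print "interpolated insert died: ", ($@ ? "yes" : "no"), "\n";

# 2. Placeholders: the SQL text never contains data, so there is nothing to
#    quote and nothing for an attacker to escape out of. One '?' per column
#    and one bind value per '?'; DBI dies at execute() if the counts differ.
my $sth = $dbh->prepare(q{
    INSERT INTO tbl_ul_received
      (unmask_id,seq_no,received_id,received_from,received_by,received_via,
       received_with,received_for,received_date_time,received_comments)
    VALUES (?,?,?,?,?,?,?,?,?,?)
});
$sth->execute(@row);

# A classic injection payload in the comment field is stored as text,
# not executed: the prepared statement's structure is already fixed.
my $payload = "x'); DELETE FROM tbl_ul_received; --";
$sth->execute($row[0], 2, @row[2..8], $payload);

my ($n) = $dbh->selectrow_array("SELECT count(*) FROM tbl_ul_received");
my ($stored) = $dbh->selectrow_array(
    "SELECT received_comments FROM tbl_ul_received WHERE seq_no = ?",
    undef, 2);
print "rows stored: $n\n";
print "payload stored verbatim: ", ($stored eq $payload ? "yes" : "no"), "\n";
$dbh->disconnect;
```

The interpolated insert dies on the apostrophe while both placeholder inserts succeed, and the DELETE in the payload never runs because the driver sends it as a bind value rather than as part of the statement. The numbered `$1`, `$2` form mentioned above is a DBD::Pg extension, so the example sticks to `?`, which every DBI driver accepts.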