Job & Bill,
I am not sure it is DBI problem or CGI problem.
After looking the document of CGI::Vars,
$p = $q->Vars
will get a tied hash reference. In my understanding,
any operation on $p->{'abc'} will happen on CGI query
parameter itself. My question is this:
if we have CGI parameter 'abc=foo', $p->{'abc'} will
get 'foo' in scalar context. Given DBI handler $dbh,
$dbh->quote($p->{'abc'})
is supposed to get '\'foo\'', but it strangely get 'NULL'.
It may involve tied hash reference implementation of
CGI::Vars or DBI::quote. I found this by incidentally
getting a bug by inserting records from CGI parameters.
I have a functioning fix by using normal hash reference
$p = { $q->Vars }.
Post this question is just curious about why this is happening.
Joe
---------------------------------------------------
Joseph Xu, Software Developer, The Associated Press
Tel: +1 (212) 621-7252, Email: [EMAIL PROTECTED]
---------------------------------------------------
On Tue, 11 Dec 2001, Job Miller wrote:
> I think you missed his point Bill.
>
> I imagine he intends to use it in a SQL query, but is
> just showing it in a single print statement to isolate
> the error.
>
> try using vars in list context
> %params = $q->Vars;
>
> or use the quote method on the param call like:
> $dbh->quote(param('abc'));
>
> Job
>
>
> --- William R Ward <[EMAIL PROTECTED]> wrote:
> > [EMAIL PROTECTED] (Joseph Xu) writes:
> > > The following test script has strange behavior.
> > It may relate
> > > to CGI::Vars. please advice.
> > >
> > > Thanks
> > >
> > > #!/usr/bin/perl
> > >
> > > use DBI;
> > > use CGI;
> > >
> > > my $dbh = DBI->connect("dbi:mysql:wirepoll01",
> > > "UID", "PWD");
> > > my $q = new CGI;
> > >
> > > $q->param('abc' => 'foo');
> > > $p = $q->Vars; # tied hash reference
> > > print $dbh->quote( $p->{'abc'} ); # WHY print 'NULL' ?????
> > >
> > > $pp = {'abc' => 'foo'}; # normal hash reference
> > > print $dbh->quote( $pp->{'abc'} );# but this print '\'foo\''
> > >
> > > $dbh->disconnect;
> >
> > The DBI::quote function is not intended for CGI,
> > it's intended for the
> > database. In a SQL statement, if a string contains
> > single quotes, you
> > need to replace them with \' or '' (depending on the
> > database's
> > rules), and if a value is undefined, the database
> > equivalent is NULL.
> >
> > The reason $p->{'abc'} is not working as you would
> > expect is a CGI
> > question, not a DBI one. Try printing it without
> > the $dbh->quote()
> > function call, and see what the results are. Also
> > check
> > defined($p->{'abc'}) and exists($p->{'abc'}).
> >
> > If you are interested in "quoting" characters for
> > display in HTML, use
> > CGI::escapeHTML. For quoting characters in URLs,
> > use CGI::escape or
> > the URI module.
> >
> > --Bill.
> >
> > --
> > William R Ward [EMAIL PROTECTED]
> > http://www.wards.net/~bill/
> >
> -----------------------------------------------------------------------------
> > If you're not part of the solution, you're part
> > of the precipitate.
>
>
> __________________________________________________
> Do You Yahoo!?
> Check out Yahoo! Shopping and Yahoo! Auctions for all of
> your unique holiday gifts! Buy at http://shopping.yahoo.com
> or bid at http://auctions.yahoo.com
>
