On Fri, Jan 11, 2002 at 09:46:21AM -0500, Ron Hall wrote:
> On Fri, 11 Jan 2002, Simon Oliver wrote:
>
> > Sorry, I assumed you had read the docs and were still having problems.
>
> I did and I am still having problems :)
>
>
> the offending value is passed in from an web form
>
> so this hand patching is not the answer.
>
> doing
>
> $FORM{location} =~ s/\'/\'\'/g;
>
> doesn't seem to work.
According to the docs Simon quoted, for DBD::AnyData you need to escape a
single quote with a backslash, not with another single quote, as you would
for most other DBDs.
$FORM{location} =~ s/'/\\'/g;
> $loc = $dbh->quote("$FORM{location}");
>
> Generates and error in the web logs.
>
> Can't call method "quote" on an undefined value at
> /opt/wireless/process.cgi line 92.
Apparently you don't have a database handle in $dbh.
> and placeholders scare me.
That's too bad, since they're the best solution.
Ronald
