Dan Muey [EMAIL PROTECTED] wrote:
> >
> > On Mon, 10 Mar 2003 08:18:31 -0600 Dan Muey
> > <[EMAIL PROTECTED]> wrote:
> >
> > > Since you know how your table is structured :
> > >
> > > $query ="INSERT INTO stuff VALUES(NULL,$num,\'$character\')";
> > >
> > > Or if you wanted to do it dynamically :
> > >
> > > $query = "INSERT INTO stuff VALUES(";
> > > if($data =~ m/^\d+$/) { $query .= "$data\, "; }
> > > else { $query .= "\'$data\'\, "; }
> >
> > The original poster wanted to make sure the values were
> > properly quoted. If any "'" characters are in $character,
>
> Aahhh gotcha, in that case yes definitely use quote() because it will take care of
> any characters that could cause problems and not just single quotes ( IE "(), etc.. )
>
> Sorry for misunderstanding

But really, as Michael has already said twice, use placeholders. Many reasons to use them, and no reasons not to. They handle *ALL* quoting issues and give you other good things too.

Read about placeholders in the perldocs by doing

  perldoc DBI

at a command prompt, and search for 'Placeholder'.

HTH.

--
Hardy Merrill
Senior Software Engineer
Red Hat, Inc.

> DMuey
>
> > the SQL you've given will not parse correctly, if the user is
> > lucky. If the user is unlucky, it could contain malicious SQL.
> >
> > DBI already includes a method for properly quoting values.
> > Oddly enough it is named quote(). Read the fine manual to
> > learn about it.
> >
> > That said, for DBDs that support them (including
> > DBD::Oracle), placeholders are far superior.
> >
> > Again http://xmlproj.com/fom-serve/cache/49.html .
> >
> > > > -----Original Message-----
> > > > From: Michael A Chase [mailto:[EMAIL PROTECTED]
> > > > Sent: Saturday, March 08, 2003 9:02 PM
> > > > To: [EMAIL PROTECTED]; Rob Benton
> > > > Subject: Re: need some advice
> > > >
> > > > Placeholders. There are examples of using them in the fine
> > > > DBI and DBD::Oracle manuals and in DBD-Oracle-xxx/Oracle.ex/ .
> > > >
> > > > http://xmlproj.com/fom-serve/cache/49.html
> >
> > --
> > Mac :})
> > ** I normally forward private questions to the appropriate
> > mail list. ** Ask Smarter:
> > http://www.catb.org/~esr/faqs/smart-questions.html
> > Give a hobbit a fish and he eats fish for a day.
> > Give a hobbit a ring and he eats fish for an age.
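
The three approaches discussed in this thread (string interpolation, quote(), and placeholders), side by side as an added example that is not part of the original messages. It assumes DBD::SQLite is installed and uses an in-memory database in place of Oracle; the column names and sample values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in for
# the Oracle instance in the thread. Column names are hypothetical.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE stuff (id INTEGER PRIMARY KEY, num INTEGER, txt TEXT)');

# Constructed sample rows: an embedded single quote, a digit string that
# must stay text, and the other punctuation mentioned in the thread.
my @rows = (
    [ 1, "O'Reilly" ],
    [ 2, '007' ],
    [ 3, q{"(), etc.. it's all data} ],
);

# 1. Interpolation as in the quoted message: the embedded quote ends the
#    SQL literal early, so the statement fails to parse.
my ($num, $character) = @{ $rows[0] };
my $bad = "INSERT INTO stuff VALUES(NULL,$num,'$character')";
my $ok  = eval { $dbh->do($bad); 1 };
print "interpolated: ", ($ok ? "accepted" : "rejected by the parser"), "\n";

# 2. quote() escapes the value for this driver, but the caller still has
#    to remember to call it for every single value.
print "quote():      ", $dbh->quote($character), "\n";

# 3. Placeholders: the SQL text is fixed and the values travel separately,
#    so no value can change the structure of the statement.
my $sth = $dbh->prepare('INSERT INTO stuff (num, txt) VALUES (?, ?)');
$sth->execute(@$_) for @rows;

# Read the rows back and compare each stored value with what was supplied.
my $stored = $dbh->selectall_arrayref('SELECT num, txt FROM stuff ORDER BY id');
for my $i (0 .. $#rows) {
    my $same = $stored->[$i][1] eq $rows[$i][1] ? 'intact' : 'ALTERED';
    printf "row %d: %-28s %s\n", $stored->[$i][0], $stored->[$i][1], $same;
}
print "rows stored: ", scalar(@$stored), "\n";
$dbh->disconnect;
```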