Dan Muey [EMAIL PROTECTED] wrote:
> > 
> > On Mon, 10 Mar 2003 08:18:31 -0600 Dan Muey 
> > <[EMAIL PROTECTED]> wrote:
> > 
> > > Since you know how your table is structured :
> > > 
> > > $query ="INSERT INTO stuff VALUES(NULL,$num,\'$character\')";
> > > 
> > > Or if you wanted to do it dynamically :
> > > 
> > > $query = "INSERT INTO stuff VALUES(";
> > > if($data =~ m/^\d+$/) { $query .= "$data\, "; }
> > > else { $query .= "\'$data\'\, "; }
> > 
> > The original poster wanted to make sure the values were 
> > properly quoted.  If any "'" characters are in $character, 
> 
> Aahhh gotcha, in that case yes definitely use quote() because it will take care of 
> any characters that could cause problems and not just single quotes ( IE "(), etc.. )
> 
> Sorry for misunderstanding

But really, as Michael has already said twice, use placeholders.
Many reasons to use them, and no reasons not to.  They handle
*ALL* quoting issues and give you other good things too.

Read about placeholders in the perldocs by doing

  perldoc DBI

at a command prompt, and search for 'Placeholder'.

HTH.

-- 
Hardy Merrill
Senior Software Engineer
Red Hat, Inc.

> 
> DMuey
> 
> > the SQL you've given will not parse correctly, if the user is 
> > lucky.  If the user is unlucky, it could contain malicious SQL.
> > 
> > DBI already includes a method for properly quoting values.  
> > Oddly enough it is named quote().  Read the fine manual to 
> > learn about it.
> > 
> > That said, for DBDs that support them (including 
> > DBD::Oracle), placeholders are far superior.
> > 
> > Again http://xmlproj.com/fom-serve/cache/49.html .
> > 
> > > > -----Original Message-----
> > > > From: Michael A Chase [mailto:[EMAIL PROTECTED]
> > > > Sent: Saturday, March 08, 2003 9:02 PM
> > > > To: [EMAIL PROTECTED]; Rob Benton
> > > > Subject: Re: need some advice
> > 
> > > > Placeholders.  There are examples of using them in the fine
> > > > DBI and DBD::Oracle manuals and in DBD-Oracle-xxx/Oracle.ex/ .
> > > > 
> > > http://xmlproj.com/fom-serve/cache/49.html
> > 
> > -- 
> > Mac :})
> > ** I normally forward private questions to the appropriate mail list. **
> > Ask Smarter: http://www.catb.org/~esr/faqs/smart-questions.html
> > Give a hobbit a fish and he eats fish for a day.
> > Give a hobbit a ring and he eats fish for an age.
> > 
> > 

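Worked example of the point the thread keeps coming back to, added here as an illustration rather than code from any of the posters. It uses DBD::SQLite with an in-memory database (an assumption, so it runs offline; the thread was about DBD::Oracle, but the DBI calls are identical), a table named stuff with the three columns implied by the quoted INSERT, and the helper names insert_interpolated, insert_placeholder, count_interpolated and count_placeholder, all chosen for this example. It shows the "lucky" failure (an apostrophe breaks the interpolated SQL), the "unlucky" one (an interpolated WHERE clause rewritten by the value), placeholders surviving both, and $dbh->quote() as the fallback.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database so the script runs stand-alone (assumption: DBD::SQLite
# is installed). With DBD::Oracle only the DSN would change.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do("CREATE TABLE stuff (id INTEGER PRIMARY KEY, num INTEGER, character TEXT)");

# 1. Interpolation, as in the quoted code. The \' in the original is only Perl
#    string syntax; nothing protects the SQL from an apostrophe in $character.
sub insert_interpolated {
    my ($num, $character) = @_;
    my $sql = "INSERT INTO stuff VALUES(NULL,$num,'$character')";
    return eval { $dbh->do($sql); 1 } ? "ok" : "failed: " . (split /\n/, $@)[0];
}

# 2. Placeholders. The statement is prepared once; the values are bound at
#    execute() time and never parsed as SQL, so any string goes in verbatim.
my $ins = $dbh->prepare("INSERT INTO stuff VALUES(NULL, ?, ?)");
sub insert_placeholder {
    my ($num, $character) = @_;
    $ins->execute($num, $character);
    return "ok";
}

# Constructed sample values: one harmless, one with an embedded apostrophe.
for my $v ("plain", "O'Brien") {
    printf "interpolated insert of %-10s %s\n", "'$v':", insert_interpolated(1, $v);
    printf "placeholder  insert of %-10s %s\n", "'$v':", insert_placeholder(2, $v);
}

# 3. The "unlucky" case: a value that carries SQL of its own. Interpolated, it
#    turns the WHERE clause into "character = '' OR '1'='1'" and matches every
#    row; bound through a placeholder it is just a string that matches nothing.
sub count_interpolated {
    my ($character) = @_;
    my ($n) = $dbh->selectrow_array(
        "SELECT COUNT(*) FROM stuff WHERE character = '$character'");
    return $n;
}

sub count_placeholder {
    my ($character) = @_;
    my ($n) = $dbh->selectrow_array(
        "SELECT COUNT(*) FROM stuff WHERE character = ?", undef, $character);
    return $n;
}

my $evil = "' OR '1'='1";
print "interpolated lookup for [$evil] matches ", count_interpolated($evil), " row(s)\n";
print "placeholder  lookup for [$evil] matches ", count_placeholder($evil),  " row(s)\n";

# 4. Where a driver cannot take a placeholder in some position, $dbh->quote()
#    is the fallback: it escapes embedded quotes and wraps the literal for you.
print "quote() turns O'Brien into ", $dbh->quote("O'Brien"), "\n";

$ins->finish;
$dbh->disconnect;
```

Run it with a plain `perl` invocation; the interpolated insert of O'Brien dies with a syntax error inside the eval, the placeholder insert stores the apostrophe as data, and the two COUNT(*) lines differ (every row versus zero). Note that quote() only covers string literals; it does nothing for a table name or an unquoted number, which is another reason the thread's advice is placeholders first and quote() only where placeholders are not available.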