Jenda Krynicky <[EMAIL PROTECTED]> wrote: >> die "bad value $foo" if $foo =~ tr/'//; >> $sql = "select * from a where x = '$foo'";
>>in this particular case you can assume that in SQL only another ' >>character can terminate a string quoted with '. >I'm afraid this depends on the database. I'd expect "\0" to be >problematic to some databases as well. Hmm, looks like you're right. Both Sybase and Oracle choke on NUL in the middle of a quoted string. Unfortunately Sybase also goes wrong when you use placeholders! create table test_nul (a varchar(100) not null) my $sth = $dbh->prepare("insert into test_nul (a) values (?)"); $sth->execute("x\0y"); my $r = $dbh->selectall_arrayref( 'select a, char_length(a) from test_nul' ); foreach (@$r) { my ($a, $char_length) = @$_; print "got value: '$a' of length, ", length $a, ", char_length $char_length\n"; } With Sybase 11.9.2, DBI-1.30, DBD::Sybase-0.95, OCS-12.5 this prints got value: 'x' of length, 1, char_length 1 in other words the column value has been truncated at the NUL byte when inserting. Oracle handles the placeholder insert correctly. Since this is a Sybase-specific bug I'm including sybperl-l and further discussion can happen there. -- Ed Avis <[EMAIL PROTECTED]>