Jenda Krynicky <[EMAIL PROTECTED]> wrote:
>> die "bad value $foo" if $foo =~ tr/'//;
>> $sql = "select * from a where x = '$foo'";
>>in this particular case you can assume that in SQL only another '
>>character can terminate a string quoted with '.
>I'm afraid this depends on the database. I'd expect "\0" to be
>problematic to some databases as well.
Hmm, looks like you're right. Both Sybase and Oracle choke on NUL in
the middle of a quoted string. Unfortunately Sybase also goes wrong
when you use placeholders!
create table test_nul (a varchar(100) not null)
my $sth = $dbh->prepare("insert into test_nul (a) values (?)");
$sth->execute("x\0y");
my $r = $dbh->selectall_arrayref(
'select a, char_length(a) from test_nul'
);
foreach (@$r) {
my ($a, $char_length) = @$_;
print "got value: '$a' of length, ", length $a,
", char_length $char_length\n";
}
With Sybase 11.9.2, DBI-1.30, DBD::Sybase-0.95, OCS-12.5 this prints
got value: 'x' of length, 1, char_length 1
in other words the column value has been truncated at the NUL byte
when inserting. Oracle handles the placeholder insert correctly.
Since this is a Sybase-specific bug I'm including sybperl-l and
further discussion can happen there.
--
Ed Avis <[EMAIL PROTECTED]>
