On Fri, 2003-12-05 at 06:28, Avis, Ed wrote:
> Jenda Krynicky <[EMAIL PROTECTED]> wrote:
>
> >> die "bad value $foo" if $foo =~ tr/'//;
> >> $sql = "select * from a where x = '$foo'";
>
> >>in this particular case you can assume that in SQL only another '
> >>character can terminate a string quoted with '.
>
> >I'm afraid this depends on the database. I'd expect "\0" to be
> >problematic to some databases as well.
>
> Hmm, looks like you're right. Both Sybase and Oracle choke on NUL in
> the middle of a quoted string. Unfortunately Sybase also goes wrong
> when you use placeholders!

From the DBD::Sybase code (around line 3560 in dbdimp.c):

    default:
        phs->datafmt.datatype = CS_CHAR_TYPE;
        value = phs->sv_buf;
        value_len = CS_NULLTERM; /*Allow embeded NUL bytes in strings?*/
        /* PR/446: should an empty string cause a NULL, or not? */
        if(*(char*)value == 0) {
            if(imp_dbh->bindEmptyStringNull) {
                value = NULL;
                value_len = CS_UNUSED;
            } else {
                value = " ";
            }
        }
        break;

As you can see, the value_len is set to CS_NULLTERM, which tells
Sybase/OpenClient that the string is null-terminated. As the comment
suggests, this is probably/possibly a bug, although it hasn't come up
before as an issue.

Michael
-- 
Michael Peppler                              Data Migrations, Inc.
[EMAIL PROTECTED]                 http://www.mbay.net/~mpeppler
Sybase T-SQL/OpenClient/OpenServer/C/Perl developer available for short or
long term contract positions - http://www.mbay.net/~mpeppler/resume.html
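
Added example, not part of the original message and not DBD::Sybase code: a stand-alone C sketch of why declaring a bound value as NUL-terminated silently shortens a string with an embedded NUL, and of a pre-bind check that either refuses the value or declares its real byte count. LEN_NULLTERM, SAMPLE and all function names are hypothetical; no Sybase API is called.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical sentinel meaning "length = up to the first NUL"; it stands in
 * for the role CS_NULLTERM plays in the quoted code. */
#define LEN_NULLTERM (-9L)

/* Constructed sample: 7 bytes with a NUL in the middle. */
static const char SAMPLE[] = "abc\0xyz";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

/* Number of bytes a receiver reads for the declared length. */
static size_t effective_len(const char *buf, long declared)
{
    return declared == LEN_NULLTERM ? strlen(buf) : (size_t)declared;
}

/* 1 if buf[0..len) holds a NUL byte that a NUL-terminated bind would cut at. */
static int has_embedded_nul(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

enum nul_policy { NUL_REJECT, NUL_EXPLICIT_LEN };

/* Pick the length to declare for a bind. Returns 0 on success, -1 when the
 * value is refused because it would be silently truncated. */
static int choose_bind_len(const char *buf, size_t len,
                           enum nul_policy policy, long *declared)
{
    if (!has_embedded_nul(buf, len)) { *declared = LEN_NULLTERM; return 0; }
    if (policy == NUL_EXPLICIT_LEN)  { *declared = (long)len;    return 0; }
    return -1;
}

int main(void)
{
    long d = 0;
    printf("caller holds %zu bytes, NUL-terminated bind sends %zu\n",
           SAMPLE_LEN, effective_len(SAMPLE, LEN_NULLTERM));
    printf("reject policy: %d\n",
           choose_bind_len(SAMPLE, SAMPLE_LEN, NUL_REJECT, &d));
    if (choose_bind_len(SAMPLE, SAMPLE_LEN, NUL_EXPLICIT_LEN, &d) == 0)
        printf("explicit length sends %zu\n", effective_len(SAMPLE, d));
    return 0;
}
```

The caller needs the true byte count from the owning scalar or buffer for either policy to work; a pointer alone cannot reveal an embedded NUL.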