Hi Omri -
> > > my $authors = $query{'authors'};
[...]
> > > $q_authors = $dbh->quote($authors);
[...]
> > > $sth = $dbh->prepare( "UPDATE tbl_sarah SET authors = '$authors',
It fails because you're not using the quoted version of the variables
(e.g. "$q_authors") in your prepare statement.
Using bind variables like Mike described below is still a better way to
go. Not only easier, but from what I understand (at least with Oracle) it
allows the database to cache a single update statement (the one with the
placeholders) instead of caching a new statement for each update (with
explicit column values).
> The solution is simple, put the bind variables in the '$sth->execute'
> and it will automagically be quoted like so:
>
> $sth = $dbh->prepapre("UPDATE tbl_sarah SET authors = ?, title = ? WHERE
> id = ?");
> $sth->execute($authors, $title, $id);
>
> use one variable per placeholder '?'. no need to use single quotes in the
> SQL statement. for more info read the DBI documentation.
>
> you wouldn't need all those '$q_var = $dbh->quote($var)' lines in the top
> too.
Larry Leszczynski
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]