Escaping single quote in DBI::ODBC
I am attempting to update a SQLServer db and getting an error when the value
contains a quote (apostrophe) as can be seen from the following error
message.
Error is Update contact
information failed, column is asc_contacts.title, value is vp's -1
([Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax
near 's'. (SQL-42000) [Microsoft][ODBC SQL Server Driver][SQL
Server]Unclosed quotation mark before the character string ''.
(SQL-42000)(DBD: Execute immediate failed err=-1)), occurred at
Subscriber module line 891
Here is the code for the update:
my $rows = $dbh-do (UPDATE asc_contacts set $subscriberhash{$contactvar}
= '$tree-{contact}-{$contactvar}'
where asc_contacts.contact_id = '$tree-{contact}-{contact_id}')
or error_handler (Update contact information failed, column is
$subscriberhash{$contactvar}, value is $tree-{contact}-{$contactvar}
$DBI::err ($DBI::errstr), __LINE__);
In reading Paul DuBois's MySQL book he notes the quote() method as a way
around the problem; however, I am not sure if that mechanism will work with
SQLServer.
If it is appropriate, I would change the code to:
my $varvalue = $dbh-quote($tree-{contact}-{$contactvar});
my $rows = $dbh-do (UPDATE asc_contacts set $subscriberhash{$contactvar} =
$varvalue
where asc_contacts.contact_id = '$tree-{contact}-{contact_id}')
or error_handler (Update contact information failed, column is
$subscriberhash{$contactvar}, value is $tree-{contact}-{$contactvar}
$DBI::err ($DBI::errstr), __LINE__);
Can anyone give me some advice as to whether this will work?
Many thanks.
Bernard Golden
Re: Escaping single quote in DBI::ODBC
Doubling up the single quotes will effectively escape them
[EMAIL PROTECTED] wrote:
I am attempting to update a SQLServer db and getting an error when the value
contains a quote (apostrophe) as can be seen from the following error
message.
Error is Update contact
information failed, column is asc_contacts.title, value is vp's -1
([Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax
near 's'. (SQL-42000) [Microsoft][ODBC SQL Server Driver][SQL
Server]Unclosed quotation mark before the character string ''.
(SQL-42000)(DBD: Execute immediate failed err=-1)), occurred at
Subscriber module line 891
Here is the code for the update:
my $rows = $dbh-do (UPDATE asc_contacts set $subscriberhash{$contactvar}
= '$tree-{contact}-{$contactvar}'
where asc_contacts.contact_id = '$tree-{contact}-{contact_id}')
or error_handler (Update contact information failed, column is
$subscriberhash{$contactvar}, value is $tree-{contact}-{$contactvar}
$DBI::err ($DBI::errstr), __LINE__);
In reading Paul DuBois's MySQL book he notes the quote() method as a way
around the problem; however, I am not sure if that mechanism will work with
SQLServer.
If it is appropriate, I would change the code to:
my $varvalue = $dbh-quote($tree-{contact}-{$contactvar});
my $rows = $dbh-do (UPDATE asc_contacts set $subscriberhash{$contactvar} =
$varvalue
where asc_contacts.contact_id = '$tree-{contact}-{contact_id}')
or error_handler (Update contact information failed, column is
$subscriberhash{$contactvar}, value is $tree-{contact}-{$contactvar}
$DBI::err ($DBI::errstr), __LINE__);
Can anyone give me some advice as to whether this will work?
Many thanks.
Bernard Golden
Re: Escaping single quote in DBI::ODBC
I'm not familiar with DBD::ODBC, but using placeholders would
fix that (all quoting issues) problem, and can only help
performance - no good reason not to use placeholders, assuming
DBD::ODBC supports them. Read about them by doing
perldoc DBI
and search(using the forward slash /) for Placeholder.
That would make your code look something like this:
$sql = qq{
UPDATE asc_contacts
SET $subscriberhash{$contactvar} = ?
WHERE asc_contacts.contact_id = ?
};
my $sth = $dbh-prepare($sql)
or error_handler (Prepare failed - blah blah. Error was $DBI::errstr);
my $rows_affected = $sth-execute(
$tree-{contact}-{$contactvar},
$tree-{contact}-{contact_id}
) or error_handler (Execute failed - blah blah: error was $DBI::errstr);
And read about DBD::ODBC by doing
perldoc DBD::ODBC
HTH.
--
Hardy Merrill
Red Hat, Inc.
Bernard Golden [EMAIL PROTECTED] wrote:
I am attempting to update a SQLServer db and getting an error when the value
contains a quote (apostrophe) as can be seen from the following error
message.
Error is Update contact
information failed, column is asc_contacts.title, value is vp's -1
([Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax
near 's'. (SQL-42000) [Microsoft][ODBC SQL Server Driver][SQL
Server]Unclosed quotation mark before the character string ''.
(SQL-42000)(DBD: Execute immediate failed err=-1)), occurred at
Subscriber module line 891
Here is the code for the update:
my $rows = $dbh-do (UPDATE asc_contacts set $subscriberhash{$contactvar}
= '$tree-{contact}-{$contactvar}'
where asc_contacts.contact_id = '$tree-{contact}-{contact_id}')
or error_handler (Update contact information failed, column is
$subscriberhash{$contactvar}, value is $tree-{contact}-{$contactvar}
$DBI::err ($DBI::errstr), __LINE__);
In reading Paul DuBois's MySQL book he notes the quote() method as a way
around the problem; however, I am not sure if that mechanism will work with
SQLServer.
If it is appropriate, I would change the code to:
my $varvalue = $dbh-quote($tree-{contact}-{$contactvar});
my $rows = $dbh-do (UPDATE asc_contacts set $subscriberhash{$contactvar} =
$varvalue
where asc_contacts.contact_id = '$tree-{contact}-{contact_id}')
or error_handler (Update contact information failed, column is
$subscriberhash{$contactvar}, value is $tree-{contact}-{$contactvar}
$DBI::err ($DBI::errstr), __LINE__);
Can anyone give me some advice as to whether this will work?
Many thanks.
Bernard Golden
