Re: Problem with single quote ' character

2000-11-18 Thread Larry Leszczynski 

Hi Omri -

> > > my $authors = $query{'authors'};
[...]
> > > $q_authors = $dbh->quote($authors);
[...]
> > > $sth = $dbh->prepare( "UPDATE tbl_sarah SET authors = '$authors',

It fails because you're not using the quoted version of the variables
(e.g. "$q_authors") in your prepare statement.

Using bind variables like Mike described below is still a better way to
go.  Not only easier, but from what I understand (at least with Oracle) it
allows the database to cache a single update statement (the one with the
placeholders) instead of caching a new statement for each update (with
explicit column values).


> The solution is simple, put the bind variables in the '$sth->execute'
> and it will automagically be quoted like so:
> 
> $sth = $dbh->prepapre("UPDATE tbl_sarah SET authors = ?, title = ? WHERE
> id = ?");
> $sth->execute($authors, $title, $id);
> 
> use one variable per placeholder '?'. no need to use single quotes in the
> SQL statement. for more info read the DBI documentation.
> 
> you wouldn't need all those '$q_var = $dbh->quote($var)' lines in the top
> too.



Larry Leszczynski
[EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with single quote ' character

2000-11-15 Thread Victor Michael D. Blancas 

> > Hi Rodney, thanks very much for your reply. I'm trying it now, but I'm doing
> > something wrong. Here's what I have, could you take a look at it?
> > 
> > #parse query string and enter into database if query string exists
> > 
> > my $authors = $query{'authors'};
> > my $title = $query{'title'};
> > my $year = $query{'year'};
> > my $source = $query{'source'};
> > my $topic = $query{'topic'};
> > my $purpose = $query{'purpose'};
> > my $sample = $query{'sample'};
> > my $gmc = $query{'gmc'};
> > my $process = $query{'process'};
> > my $outcome = $query{'outcome'};
> > my $rater = $query{'rater'};
> > my $results = $query{'results'};
> > my $refs = $query{'refs'};
> > my $notes = $query{'notes'};
> > my $therapy = $query{'therapy'};
> > my $analysis = $query{'analysis'};
> > my $critique = $query{'critique'};
> > my $getcopy = $query{'getcopy'};
> > my $id = $query{'id'};
> > 
> > 
> > #make sure all single quotes are escaped
> > 
> > $q_authors = $dbh->quote($authors);
> > $q_title = $dbh->quote($title);
> > $q_year = $dbh->quote($year);
> > $q_source = $dbh->quote($source);
> > $q_topic = $dbh->quote($topic);
> > $q_purpose = $dbh->quote($purpose);
> > $q_sample = $dbh->quote($sample);
> > $q_gmc = $dbh->quote($gmc);
> > $q_process = $dbh->quote($process);
> > $q_outcome = $dbh->quote($outcome);
> > $q_rater = $dbh->quote($rater);
> > $q_results = $dbh->quote($results);
> > $q_refs = $dbh->quote($refs);
> > $q_notes = $dbh->quote($notes);
> > $q_therapy = $dbh->quote($therapy);
> > $q_analysis = $dbh->quote($analysis);
> > $q_critique = $dbh->quote($critique);
> > $q_getcopy = $dbh->quote($getcopy);
> > 
> > 
> > #update entry form into the database
> > 
> > $sth = $dbh->prepare( "UPDATE tbl_sarah SET authors = '$authors', title =
> > '$title', year = '$year', source = '$source', topic = '$topic', purpose =
> > '$purpose', sample = '$sample', gmc = '$gmc', process = '$process', outcome
> > = '$outcome', rater = '$rater', results = '$results', refs = '$refs', notes
> > = '$notes', therapy = '$therapy', analysis = '$analysis', critique =
> > '$critique', getcopy = '$getcopy' WHERE id = '$id'" );  
> > $sth->execute();
> > 
> > --I've put single quotes and also tried no quotes around the variables in
> > the SQL statement; neither worked.
> > 
The solution is simple, put the bind variables in the '$sth->execute'
and it will automagically be quoted like so:

$sth = $dbh->prepapre("UPDATE tbl_sarah SET authors = ?, title = ? WHERE
id = ?");
$sth->execute($authors, $title, $id);

use one variable per placeholder '?'. no need to use single quotes in the
SQL statement. for more info read the DBI documentation.

you wouldn't need all those '$q_var = $dbh->quote($var)' lines in the top
too.

> > Thanks again,
> > Omri

Mike

Re: Problem with single quote ' character

2000-11-14 Thread Rodney Broom 

Hmm, what was the message that you got back when you executed this stement?

Rodney Broom

- Original Message - 
From: "Omri Tintpulver" <[EMAIL PROTECTED]>
To: "'Rodney Broom'" <[EMAIL PROTECTED]>
Sent: Tuesday, 14 November, 2000 07:07
Subject: RE: Problem with single quote ' character


> Hi Rodney, thanks very much for your reply. I'm trying it now, but I'm doing
> something wrong. Here's what I have, could you take a look at it?
> 
> #parse query string and enter into database if query string exists
> 
> my $authors = $query{'authors'};
> my $title = $query{'title'};
> my $year = $query{'year'};
> my $source = $query{'source'};
> my $topic = $query{'topic'};
> my $purpose = $query{'purpose'};
> my $sample = $query{'sample'};
> my $gmc = $query{'gmc'};
> my $process = $query{'process'};
> my $outcome = $query{'outcome'};
> my $rater = $query{'rater'};
> my $results = $query{'results'};
> my $refs = $query{'refs'};
> my $notes = $query{'notes'};
> my $therapy = $query{'therapy'};
> my $analysis = $query{'analysis'};
> my $critique = $query{'critique'};
> my $getcopy = $query{'getcopy'};
> my $id = $query{'id'};
> 
> 
> #make sure all single quotes are escaped
> 
> $q_authors = $dbh->quote($authors);
> $q_title = $dbh->quote($title);
> $q_year = $dbh->quote($year);
> $q_source = $dbh->quote($source);
> $q_topic = $dbh->quote($topic);
> $q_purpose = $dbh->quote($purpose);
> $q_sample = $dbh->quote($sample);
> $q_gmc = $dbh->quote($gmc);
> $q_process = $dbh->quote($process);
> $q_outcome = $dbh->quote($outcome);
> $q_rater = $dbh->quote($rater);
> $q_results = $dbh->quote($results);
> $q_refs = $dbh->quote($refs);
> $q_notes = $dbh->quote($notes);
> $q_therapy = $dbh->quote($therapy);
> $q_analysis = $dbh->quote($analysis);
> $q_critique = $dbh->quote($critique);
> $q_getcopy = $dbh->quote($getcopy);
> 
> 
> #update entry form into the database
> 
> $sth = $dbh->prepare( "UPDATE tbl_sarah SET authors = '$authors', title =
> '$title', year = '$year', source = '$source', topic = '$topic', purpose =
> '$purpose', sample = '$sample', gmc = '$gmc', process = '$process', outcome
> = '$outcome', rater = '$rater', results = '$results', refs = '$refs', notes
> = '$notes', therapy = '$therapy', analysis = '$analysis', critique =
> '$critique', getcopy = '$getcopy' WHERE id = '$id'" );  
> $sth->execute();
> 
> --I've put single quotes and also tried no quotes around the variables in
> the SQL statement; neither worked.
> 
> Thanks again,
> Omri
> 
> 
> -Original Message-
> From: Rodney Broom [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 13, 2000 10:15 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Problem with single quote ' character
> 
> 
> Hi Omri,
> 
> RH> This is an FAQ and there is a lot of info on this.  You need to escape
> it
> RH> with \.
> RH> Just about all languages have a function that does this for you.  Look
> up
> RH> the appropriate docs.
> 
>  Hmm, let's see if I can be a little bit more helpful than Rolf. Although he
> really is right. ;-)
> 
> - Here's the SQL side of it:
> Let's say that $firstfield is equal to "Rodney's sooo cool!', and that $id
> is
> equal to 86. That means that when this statement is passed into your DB
> (MySQL),
> that the text of:
>  UPDATE tbl_hello SET firstfield = '$firstfield' WHERE id = '$id'
> will come through as:
>  UPDATE tbl_hello SET firstfield = 'Rodney's sooo cool!' WHERE id = '86'
> 
> See the problem?
> 
> - OK, now the Perl side:
> First, I'm assuming that you are using the DBI package. If not, say so. DBI
> provides a neeto routine called quote(), it works like this:
>   $q_var = $dbh->quote($var);
> So, doing that to $firstfield would look like this:
>   $q_firstfield = $dbh->quote($firstfield);
> $firstfield is not equal to ['Rodney\'s soo cool'], including all three
> single
> quotes. So, if your Perl code looks like this:
>   $sql = sprintf(
> qq{UPDATE tbl_hello SET firstfield = %s WHERE id = '$id'},
> $dbh->quote($firstfield)
>   );
> 
> Then you'll get the SQL to pass to the DB that you are looking for.
> Hollar if you have any other questions.
> 
> 
> Rodney Broom
> 
> 
> 
> -- 
> -
> Please check "http://www.mysql.com/documentation/manual.php" before
> posting. To request this thread, e-mail [EMAIL PROTECTED]
> 
> To unsubscribe, send a message to:
> <[EMAIL PROTECTED]>
> 
> If you have a broken mail client that cannot send a message to
> the above address (Microsoft Outlook), you can use:
> http://lists.mysql.com/php/unsubscribe.php
>