Hmm, what was the message that you got back when you executed this stement?
Rodney Broom
- Original Message -
From: "Omri Tintpulver" [EMAIL PROTECTED]
To: "'Rodney Broom'" [EMAIL PROTECTED]
Sent: Tuesday, 14 November, 2000 07:07
Subject: RE: Problem with single quote ' character
Hi Rodney, thanks very much for your reply. I'm trying it now, but I'm doing
something wrong. Here's what I have, could you take a look at it?
#parse query string and enter into database if query string exists
my $authors = $query{'authors'};
my $title = $query{'title'};
my $year = $query{'year'};
my $source = $query{'source'};
my $topic = $query{'topic'};
my $purpose = $query{'purpose'};
my $sample = $query{'sample'};
my $gmc = $query{'gmc'};
my $process = $query{'process'};
my $outcome = $query{'outcome'};
my $rater = $query{'rater'};
my $results = $query{'results'};
my $refs = $query{'refs'};
my $notes = $query{'notes'};
my $therapy = $query{'therapy'};
my $analysis = $query{'analysis'};
my $critique = $query{'critique'};
my $getcopy = $query{'getcopy'};
my $id = $query{'id'};
#make sure all single quotes are escaped
$q_authors = $dbh-quote($authors);
$q_title = $dbh-quote($title);
$q_year = $dbh-quote($year);
$q_source = $dbh-quote($source);
$q_topic = $dbh-quote($topic);
$q_purpose = $dbh-quote($purpose);
$q_sample = $dbh-quote($sample);
$q_gmc = $dbh-quote($gmc);
$q_process = $dbh-quote($process);
$q_outcome = $dbh-quote($outcome);
$q_rater = $dbh-quote($rater);
$q_results = $dbh-quote($results);
$q_refs = $dbh-quote($refs);
$q_notes = $dbh-quote($notes);
$q_therapy = $dbh-quote($therapy);
$q_analysis = $dbh-quote($analysis);
$q_critique = $dbh-quote($critique);
$q_getcopy = $dbh-quote($getcopy);
#update entry form into the database
$sth = $dbh-prepare( "UPDATE tbl_sarah SET authors = '$authors', title =
'$title', year = '$year', source = '$source', topic = '$topic', purpose =
'$purpose', sample = '$sample', gmc = '$gmc', process = '$process', outcome
= '$outcome', rater = '$rater', results = '$results', refs = '$refs', notes
= '$notes', therapy = '$therapy', analysis = '$analysis', critique =
'$critique', getcopy = '$getcopy' WHERE id = '$id'" );
$sth-execute();
--I've put single quotes and also tried no quotes around the variables in
the SQL statement; neither worked.
Thanks again,
Omri
-Original Message-
From: Rodney Broom [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 13, 2000 10:15 PM
To: [EMAIL PROTECTED]
Subject: Re: Problem with single quote ' character
Hi Omri,
RH This is an FAQ and there is a lot of info on this. You need to escape
it
RH with \.
RH Just about all languages have a function that does this for you. Look
up
RH the appropriate docs.
Hmm, let's see if I can be a little bit more helpful than Rolf. Although he
really is right. ;-)
- Here's the SQL side of it:
Let's say that $firstfield is equal to "Rodney's sooo cool!', and that $id
is
equal to 86. That means that when this statement is passed into your DB
(MySQL),
that the text of:
UPDATE tbl_hello SET firstfield = '$firstfield' WHERE id = '$id'
will come through as:
UPDATE tbl_hello SET firstfield = 'Rodney's sooo cool!' WHERE id = '86'
See the problem?
- OK, now the Perl side:
First, I'm assuming that you are using the DBI package. If not, say so. DBI
provides a neeto routine called quote(), it works like this:
$q_var = $dbh-quote($var);
So, doing that to $firstfield would look like this:
$q_firstfield = $dbh-quote($firstfield);
$firstfield is not equal to ['Rodney\'s soo cool'], including all three
single
quotes. So, if your Perl code looks like this:
$sql = sprintf(
qq{UPDATE tbl_hello SET firstfield = %s WHERE id = '$id'},
$dbh-quote($firstfield)
);
Then you'll get the SQL to pass to the DB that you are looking for.
Hollar if you have any other questions.
Rodney Broom
--
-
Please check "http://www.mysql.com/documentation/manual.php" before
posting. To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, send a message to:
[EMAIL PROTECTED]
If you have a broken mail client that cannot send a message to
the above address (Microsoft Outlook), you can use:
http://lists.mysql.com/php/unsubscribe.php