subject:"Problem with single quote ' character"

Re: Problem with single quote ' character

2000-11-18 Thread Larry Leszczynski


Hi Omri -

   my $authors = $query{'authors'};
[...]
   $q_authors = $dbh-quote($authors);
[...]
   $sth = $dbh-prepare( "UPDATE tbl_sarah SET authors = '$authors',

It fails because you're not using the quoted version of the variables
(e.g. "$q_authors") in your prepare statement.

Using bind variables like Mike described below is still a better way to
go.  Not only easier, but from what I understand (at least with Oracle) it
allows the database to cache a single update statement (the one with the
placeholders) instead of caching a new statement for each update (with
explicit column values).


 The solution is simple, put the bind variables in the '$sth-execute'
 and it will automagically be quoted like so:
 
 $sth = $dbh-prepapre("UPDATE tbl_sarah SET authors = ?, title = ? WHERE
 id = ?");
 $sth-execute($authors, $title, $id);
 
 use one variable per placeholder '?'. no need to use single quotes in the
 SQL statement. for more info read the DBI documentation.
 
 you wouldn't need all those '$q_var = $dbh-quote($var)' lines in the top
 too.



Larry Leszczynski
[EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem with single quote ' character

2000-11-15 Thread Victor Michael D. Blancas


  Hi Rodney, thanks very much for your reply. I'm trying it now, but I'm doing
  something wrong. Here's what I have, could you take a look at it?
  
  #parse query string and enter into database if query string exists
  
  my $authors = $query{'authors'};
  my $title = $query{'title'};
  my $year = $query{'year'};
  my $source = $query{'source'};
  my $topic = $query{'topic'};
  my $purpose = $query{'purpose'};
  my $sample = $query{'sample'};
  my $gmc = $query{'gmc'};
  my $process = $query{'process'};
  my $outcome = $query{'outcome'};
  my $rater = $query{'rater'};
  my $results = $query{'results'};
  my $refs = $query{'refs'};
  my $notes = $query{'notes'};
  my $therapy = $query{'therapy'};
  my $analysis = $query{'analysis'};
  my $critique = $query{'critique'};
  my $getcopy = $query{'getcopy'};
  my $id = $query{'id'};
  
  
  #make sure all single quotes are escaped
  
  $q_authors = $dbh-quote($authors);
  $q_title = $dbh-quote($title);
  $q_year = $dbh-quote($year);
  $q_source = $dbh-quote($source);
  $q_topic = $dbh-quote($topic);
  $q_purpose = $dbh-quote($purpose);
  $q_sample = $dbh-quote($sample);
  $q_gmc = $dbh-quote($gmc);
  $q_process = $dbh-quote($process);
  $q_outcome = $dbh-quote($outcome);
  $q_rater = $dbh-quote($rater);
  $q_results = $dbh-quote($results);
  $q_refs = $dbh-quote($refs);
  $q_notes = $dbh-quote($notes);
  $q_therapy = $dbh-quote($therapy);
  $q_analysis = $dbh-quote($analysis);
  $q_critique = $dbh-quote($critique);
  $q_getcopy = $dbh-quote($getcopy);
  
  
  #update entry form into the database
  
  $sth = $dbh-prepare( "UPDATE tbl_sarah SET authors = '$authors', title =
  '$title', year = '$year', source = '$source', topic = '$topic', purpose =
  '$purpose', sample = '$sample', gmc = '$gmc', process = '$process', outcome
  = '$outcome', rater = '$rater', results = '$results', refs = '$refs', notes
  = '$notes', therapy = '$therapy', analysis = '$analysis', critique =
  '$critique', getcopy = '$getcopy' WHERE id = '$id'" );  
  $sth-execute();
  
  --I've put single quotes and also tried no quotes around the variables in
  the SQL statement; neither worked.
  
The solution is simple, put the bind variables in the '$sth-execute'
and it will automagically be quoted like so:

$sth = $dbh-prepapre("UPDATE tbl_sarah SET authors = ?, title = ? WHERE
id = ?");
$sth-execute($authors, $title, $id);

use one variable per placeholder '?'. no need to use single quotes in the
SQL statement. for more info read the DBI documentation.

you wouldn't need all those '$q_var = $dbh-quote($var)' lines in the top
too.

  Thanks again,
  Omri

Mike

Re: Problem with single quote ' character

2000-11-14 Thread Rodney Broom


Hmm, what was the message that you got back when you executed this stement?

Rodney Broom

- Original Message - 
From: "Omri Tintpulver" [EMAIL PROTECTED]
To: "'Rodney Broom'" [EMAIL PROTECTED]
Sent: Tuesday, 14 November, 2000 07:07
Subject: RE: Problem with single quote ' character


 Hi Rodney, thanks very much for your reply. I'm trying it now, but I'm doing
 something wrong. Here's what I have, could you take a look at it?
 
 #parse query string and enter into database if query string exists
 
 my $authors = $query{'authors'};
 my $title = $query{'title'};
 my $year = $query{'year'};
 my $source = $query{'source'};
 my $topic = $query{'topic'};
 my $purpose = $query{'purpose'};
 my $sample = $query{'sample'};
 my $gmc = $query{'gmc'};
 my $process = $query{'process'};
 my $outcome = $query{'outcome'};
 my $rater = $query{'rater'};
 my $results = $query{'results'};
 my $refs = $query{'refs'};
 my $notes = $query{'notes'};
 my $therapy = $query{'therapy'};
 my $analysis = $query{'analysis'};
 my $critique = $query{'critique'};
 my $getcopy = $query{'getcopy'};
 my $id = $query{'id'};
 
 
 #make sure all single quotes are escaped
 
 $q_authors = $dbh-quote($authors);
 $q_title = $dbh-quote($title);
 $q_year = $dbh-quote($year);
 $q_source = $dbh-quote($source);
 $q_topic = $dbh-quote($topic);
 $q_purpose = $dbh-quote($purpose);
 $q_sample = $dbh-quote($sample);
 $q_gmc = $dbh-quote($gmc);
 $q_process = $dbh-quote($process);
 $q_outcome = $dbh-quote($outcome);
 $q_rater = $dbh-quote($rater);
 $q_results = $dbh-quote($results);
 $q_refs = $dbh-quote($refs);
 $q_notes = $dbh-quote($notes);
 $q_therapy = $dbh-quote($therapy);
 $q_analysis = $dbh-quote($analysis);
 $q_critique = $dbh-quote($critique);
 $q_getcopy = $dbh-quote($getcopy);
 
 
 #update entry form into the database
 
 $sth = $dbh-prepare( "UPDATE tbl_sarah SET authors = '$authors', title =
 '$title', year = '$year', source = '$source', topic = '$topic', purpose =
 '$purpose', sample = '$sample', gmc = '$gmc', process = '$process', outcome
 = '$outcome', rater = '$rater', results = '$results', refs = '$refs', notes
 = '$notes', therapy = '$therapy', analysis = '$analysis', critique =
 '$critique', getcopy = '$getcopy' WHERE id = '$id'" );  
 $sth-execute();
 
 --I've put single quotes and also tried no quotes around the variables in
 the SQL statement; neither worked.
 
 Thanks again,
 Omri
 
 
 -Original Message-
 From: Rodney Broom [mailto:[EMAIL PROTECTED]]
 Sent: Monday, November 13, 2000 10:15 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Problem with single quote ' character
 
 
 Hi Omri,
 
 RH This is an FAQ and there is a lot of info on this.  You need to escape
 it
 RH with \.
 RH Just about all languages have a function that does this for you.  Look
 up
 RH the appropriate docs.
 
  Hmm, let's see if I can be a little bit more helpful than Rolf. Although he
 really is right. ;-)
 
 - Here's the SQL side of it:
 Let's say that $firstfield is equal to "Rodney's sooo cool!', and that $id
 is
 equal to 86. That means that when this statement is passed into your DB
 (MySQL),
 that the text of:
  UPDATE tbl_hello SET firstfield = '$firstfield' WHERE id = '$id'
 will come through as:
  UPDATE tbl_hello SET firstfield = 'Rodney's sooo cool!' WHERE id = '86'
 
 See the problem?
 
 - OK, now the Perl side:
 First, I'm assuming that you are using the DBI package. If not, say so. DBI
 provides a neeto routine called quote(), it works like this:
   $q_var = $dbh-quote($var);
 So, doing that to $firstfield would look like this:
   $q_firstfield = $dbh-quote($firstfield);
 $firstfield is not equal to ['Rodney\'s soo cool'], including all three
 single
 quotes. So, if your Perl code looks like this:
   $sql = sprintf(
 qq{UPDATE tbl_hello SET firstfield = %s WHERE id = '$id'},
 $dbh-quote($firstfield)
   );
 
 Then you'll get the SQL to pass to the DB that you are looking for.
 Hollar if you have any other questions.
 
 
 Rodney Broom
 
 
 
 -- 
 -
 Please check "http://www.mysql.com/documentation/manual.php" before
 posting. To request this thread, e-mail [EMAIL PROTECTED]
 
 To unsubscribe, send a message to:
 [EMAIL PROTECTED]
 
 If you have a broken mail client that cannot send a message to
 the above address (Microsoft Outlook), you can use:
 http://lists.mysql.com/php/unsubscribe.php

Re: Problem with single quote ' character

Re: Problem with single quote ' character

Re: Problem with single quote ' character

3 matches

Site Navigation

Mail list logo

Footer information