Well, the 1st way around it that I can think of would be to drop Win32::ODBC (unless you REALLY need it) and switch do DBD::ODBC! Not only will you be joining the "standard" in perl database programing, but you'll be able to port your code with minor modifications (not to say none) to other database systems. Here's a sample of what you how you would do it: # 1st prepare the SQL with placeholders
$sth = $dbh->prepare(qq{
INSERT INTO Comment (
Field1, Field2
) VALUES (
?,?
)
}) or die("Failed to prepare ".$DBI::errstr);
# now execute what you've prepared with the variables
$rv = $sth->execute($val1,$val2)
or die("Failed to execute ".$DBI::errstr);
(btrott wrote a complete select example back in March that also addresses placeholders)
Get the general drift? It gets better... Now you're using ODBC, and I'd guess that you're running Access or MS-SQL, right? If you switch to DBI, you'll be able to connect directly to Oracle, Informix, MySQL and others without the need for ODBC standing as a middle man. Seriously, look into DBI/DBDs, you won't regret it!
#!/home/bbq/bin/perl
# Trust no1!
| [reply] [d/l] |
BBQ gives good guidance on this issue. However, if you really want
to stick to Win32 Operations, and you think that you will never
ever move beyond it, you can use ADO, or Active X Data Objects.
ADO is an easy way to use Microsoft's OLE DB API. If you have
coded in ASP or VB, then you will find ADO pretty easy.
An example:
use Win32::OLE;
use Win32::OLE::Const 'Microsoft ActiveX Data Objects';
my $conn = Win32::OLE->new('ADODB.Connection');
$conn->open('FooConn');
$sqlString = "INSERT INTO Foo(Bar, Baz) VALUES (\'$Bar\', \'$Baz\');";
$conn->execute($sqlString);
print "\n\n\tPfft: ", Win32::OLE->LastError(), "\n" if (Win32::OLE->La
+stError());
exit if (Win32::OLE->LastError());
The benefit to ADO is that you can connect it to any database
does support ODBC...but for total portability, I'd suggest you follow
BBQ's advice. | [reply] [d/l] |
Yea, there's a way around this.
sub mySQLQuote {
my ($value,$maxlen) = @_;
$value =~ s/\'/\'\'/g;
$value = substring($value,1,$maxlen);
return $value;
}
val1 = mySQLQuote(1);
$val2 = mySQLQuote("'");
$db->Sql("INSERT INTO Comment ( Field1, Field2 )VALUES ('$val1', '$val
+2') ");
| [reply] [d/l] |
Man I always do that! Stupid stupid.
Your assignments should read:
$val1 = mySQLQuote(1,1);
$val2 = mySQLQuote('1',3);
| [reply] [d/l] |
That's all cool. But how would I do that using Win32::ODBC? | [reply] |