my $sql = "insert into my_table " .
          "(COMMENT) " .
          "values (?)";

my $sth = $dbh->prepare($sql);
my $rc = $sth->execute($comment);
[download]

/\/\averick
perl -l -e "eval pack('h*','072796e6470272f2c5f2c5166756279636b672');"

Yup: read the DBI docs. Your problem is not specific to CGI -- it's just text, after all. In particular, go down to the quote() method and, if you're feeling industrious, read up on placeholders.

Additionally, a Super Search right here on Perlmonks using 'DBI' and 'quote' turns up a boatload of links.

Good luck

Chris
M-x auto-bs-mode

Start from there and come again soon asking more questions. Good luck!

pmas
To make errors is human. But to make million errors per second, you need a computer.

Thanks for the pointers, I solved the problem by familiarizing myself with the quote method.

However, I'd like to explore the placeholder stuff. On seeing the responses I asked myself the same question: why am I not using placeholders? To explain I have to expand the example slightly. Imagine it reads:

# $comment is a text comment, $id is a integer

my $sql = "insert into my_table ".
          "(ID, COMMENT) " . 
          "values (?, ?)";

my $sth = $dbh->prepare($sql);
my $rc = $sth->execute($id, $comment);
[download]

This works fine with MySQL as the database, but I am also using the same code with DB2. It seems DBI quotes the $id integer. DB2 therefore thinks it is a string and refuses to insert it because the column takes integers.

I'll keep working my way through the DBI docs, but does anyone know why this should be the case? or a way around it?

Thanks again

'The guy''s house' is "The guy's house" in perl (well, you could write
+ 'The guy\'s house', too..)
"He said ""Hello""" is "He said \"Hello\"" in perl (or, 'He said "Hell
+o"')
[download]

#i assume here that you define $comment somewhere else..
$comment =~ s/"/""/g;       # if you use double-quotes
# OR: $comment =~ s/'/''/g; # is you use single-quotes
[download]