Re: Need help escaping literal string

Replies are listed 'Best First'.
Re^2: Need help escaping literal string by mrras25 (Acolyte) on Nov 15, 2012 at 01:47 UTC
Thank you for the reply How exactly would I do it? Lets say I have a value of `while(@values = $sth->fetchrow_array) { print "$values[8]\n"; }` [download] the return value of that is : /vol/enycmmcfl01b_ssd2_home_1b_a/CBirbigl$'s as you can see if I try and take that value and insert in to an insert statement to execute that through perl `my $insert = "insert into dbtable (vol) values ('$values[8]')";` [download] the insert statement will now fail because it will look like `insert into dbtable (vol) valuse ('/vol/enycmmcfl01b_ssd2_home_1b_a/CB +irbigl$'s')` [download] And well that wont work	[reply] [d/l] [select]
Re^3: Need help escaping literal string by roboticus (Chancellor) on Nov 15, 2012 at 02:34 UTC
mrras25: That's why davido mentioned placeholders. It's something like: `# Prepare a statement... my $sth = $dbh->prepare("insert into dbtable (vol) values (?)"); my $funky_string = "/vol/enycmmcfl01b_ssd2_home_1b_a/CBirbigl$'s"; $sth->execute($funky_string);` [download] This way, you don't have to worry about the odd characters inside your statement. Building your own statements like you were trying to do just leads to the difficulties you're experiencing. That's why placeholders were invented. ...roboticus When your only tool is a hammer, all problems look like your thumb.	[reply] [d/l]
Re^4: Need help escaping literal string by mrras25 (Acolyte) on Nov 15, 2012 at 04:07 UTC
OUTSTANDING folks thank you for getting back to me I will give that a whirl and see how that flows... Again thanks all	[reply]
Re^3: Need help escaping literal string by muba (Priest) on Nov 15, 2012 at 02:20 UTC
Typically it would look a little like this. `my $insert = "insert into table (vol) values (?)"; $dbh->do($insert, $values[8]);` [download] Generally, the notion is that you never directly put variables into SQL statements.	[reply] [d/l]