in reply to DBI file input to blob

Sigh! The code, which isn't working, is:

# if a syllabus was  attached

    if($query->param('syllabus')) {
	while($bytesread = read($query->param('syllabus'),$buffer,1024)) {
	    $syllabus .= $buffer;
	}
	$sylName = $query->param('syllabus');
	$sylName =~ s/.*\/\\(.*)/$1/;
    }
    $sql = "INSERT INTO class_info(title, instructor, inst_email, " .
           "active,max_students, description,syllabus,begin_date, " .
	   "syll_name,begin_time,class_length) VALUES('" . 
	   $query->param('title') . "','" .
	   $query->param('name') . "','" . $query->param('email') . "',1," .
	   $maxstud . ",'" . $query->param('description') . "'," .
	   $syllabus . ",'" . 
           $query->param('year0') . "-" . $query->param('mon0') . "-" .
	   $query->param('day0') . "','" . $sylName . "'," .
	   "SEC_TO_TIME(TIME_TO_SEC('" . $query->param('classtime') . "') + " .
	       $timeadj . ")," . $query->param('lengthofclass') . ")";
    $dbh->do("INSERT INTO class_info(title, instructor, inst_email, " .
           "active,max_students, description,syllabus,begin_date, " .
	   "syll_name) VALUES('" . $query->param('title') . "','" .
	   $query->param('name') . "','" . $query->param('email') . "',1," .
	   $maxstud . ",'" . $query->param('description') . "'," .
	   $syllabus . ",'" . 
           $query->param('year0') . "-" . $query->param('mon0') . "-" .
	   $query->param('day0') . "','" . $sylName . "'" .
	   "SEC_TO_TIME(TIME_TO_SEC('" . $query->param('classtime') . "') + " .
	   $timeadj . ")," . $query->param('lengthofclass') . ")";
	|| die $sql . "\n" . $dbh->errstr;

Re: Re: DBI file input to blob
by abstracts (Hermit) on Aug 06, 2001 at 21:47 UTC
    Hello

    You should first prepare your statement then execute it. Look at the DBI manual for how you can do that. Basically your code should look something like:

    my @hdr = qw/title instructor inst_email active max_students description
                 syllabus begin_date syll_name begin_time class_length/;
    my @val = map "?", @hdr;
    my @real_val = map { param($_) } @hdr;
    my $sql;
    {
        local $" = ',';
        $sql = "insert into class_info(@hdr) values (@val)";
    }
    my $sth = $dbh->prepare($sql);
    $sth->execute(@real_val);

    This is a much cleaner approach and you don't need to worry about escaping noise and escaping the binary attachment since you can include the variable holding the binary data (the blob) directly in the execute statement.

    Add sanity checks and dies as you want. They were removed for readability.

    Aziz,,,
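
The placeholder approach from the reply above, as an added example that is not part of the original thread: it stores a text field containing quotes and a binary upload containing every byte value, then reads the row back to confirm nothing was altered. Assumptions: an in-memory SQLite database (DBD::SQLite) stands in for the thread's MySQL server, the table is cut down to four columns, and the form values, the `%form` hash and the `$max_bytes` limit are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI qw(:sql_types);

# Assumption: in-memory SQLite stands in for the thread's MySQL database so
# the example runs offline; class_info is reduced to four columns.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE class_info (title TEXT, description TEXT,
                                   syllabus BLOB, syll_name TEXT)');

# Constructed sample input standing in for the CGI form fields and the upload.
my %form = (
    title       => q{O'Reilly's Perl 101},
    description => q{It's an "intro" class},
    upload_name => 'C:\\docs\\syllabus.pdf',
);
my $syllabus = pack 'C*', 0 .. 255;   # every byte value, including NUL and '

# Keep only the last path component of the client-supplied file name, whether
# the browser sent / or \ separators, then restrict the character set.
(my $syl_name = $form{upload_name}) =~ s{.*[/\\]}{}s;
$syl_name =~ tr/A-Za-z0-9._-/_/c;

my $max_bytes = 1_000_000;            # hypothetical upload limit
die "syllabus too large\n" if length($syllabus) > $max_bytes;

# One ? per column: the values are passed separately and never become SQL text.
my $sth = $dbh->prepare('INSERT INTO class_info
                         (title, description, syllabus, syll_name)
                         VALUES (?, ?, ?, ?)');
$sth->bind_param(1, $form{title});
$sth->bind_param(2, $form{description});
$sth->bind_param(3, $syllabus, SQL_BLOB);   # bind the upload as binary data
$sth->bind_param(4, $syl_name);
$sth->execute;

# Read the row back and compare against what was submitted.
my ($title, $blob, $name) = $dbh->selectrow_array(
    'SELECT title, syllabus, syll_name FROM class_info');
print "title stored verbatim: ", ($title eq $form{title} ? "yes" : "no"), "\n";
print "blob round-trip:       ", ($blob  eq $syllabus    ? "yes" : "no"), "\n";
print "stored file name:      $name\n";
$dbh->disconnect;
```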

Re: Re: DBI file input to blob
by foogod (Friar) on Aug 06, 2001 at 21:49 UTC

    "isn't working" is a bit vague ... at best. What is the error you are getting? Without the whole code, I would have to program my own version of this and then verify yours from there.

    Post your error code, and perhaps we can go from there.

    - f o o g o d

    --- ruining the bell curve for everyone else ---