Milti has asked for the wisdom of the Perl Monks concerning the following question:

I use PERL and a form with a <text area> and CGI scripts to input text into a MySQL table. The script is something like this: 

sub update {

#!/usr/bin/perl -w
 use DBI;
my ($dbh, $sth, $AccountID, $Input);

$AccountID="$FORM{'AccountID'}";
$Input="$FROM{'Input'}";
$dbh = DBI->connect('dbi:mysql:membersdb','member','somepasswd') || di
+e "cannot open";
$sql = qq`UPDATE memberinfo SET Input='$Input' WHERE AccountID='$Accou
+ntID'`;
$sth = $dbh->prepare($sql) or die "Cannot prepare: " . $dbh->errstr();
$sth->execute() or die "Cannot execute: " . $sth->errstr();
$sth->finish();
}

[download]
The text is input just fine as long as it doesn't contain single or double quotes. I know the quotation marks have to be escaped but have not been able to find a method to do that to a variable, i.e. $Input. Is there a simple way to do that with PERL? If so can someone point me to it or, better yet, provide the code I need in the above example. Thanks for any assistance!!

Replies are listed 'Best First'.
Re: MySQL Not Accepting $Value That Contains Single or Double Quotes
by no_slogan (Deacon) on Jan 18, 2014 at 00:59 UTC
[reply]

Back to Seekers of Perl Wisdom