in reply to Using CGI.pm params to make a DBI MySQL query

If you do that:

    my $sth = $dbh->prepare("INSERT INTO tbl VALUES (?,?,?)");
    $sth->execute(@values) or die $dbh->errstr;

you should win twice:

  1. You get your values quoted.
  2. You can use an array.

Hope that helps.

alex pleiner <alex@zeitform.de>
zeitform Internet Dienste

Re: Re: Using CGI.pm params to make a DBI MySQL query
by George_Sherston (Vicar) on Oct 09, 2001 at 20:08 UTC
    Hmm, that's particularly good in my case because when I'm not making my query with CGI params I'm making it with the output of a SELECT query, and that output is in the form of an arrayref. Using an array avoids the intermediate step of breaking out the array into its elements.

    § George Sherston
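
An added example, not part of the original posts: the placeholder pattern from the thread, fed first from an array and then from the array refs a SELECT returns. It assumes DBD::SQLite with an in-memory database in place of MySQL, a second table named archive, and a constructed @values list standing in for the CGI.pm params.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) stands in for the thread's MySQL
# database so the example runs offline; the DBI calls are the same.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do("CREATE TABLE tbl     (name TEXT, email TEXT, note TEXT)");
$dbh->do("CREATE TABLE archive (name TEXT, email TEXT, note TEXT)");

# Constructed sample input standing in for CGI.pm values, e.g.
#   my @values = map { scalar $q->param($_) } qw(name email note);
# The third value carries SQL metacharacters on purpose.
my @values = ("O'Brien", 'ob@example.com', "x'); DROP TABLE tbl; --");

# One placeholder per value; the data never becomes part of the SQL text.
my $placeholders = join ",", ("?") x @values;
my $ins = $dbh->prepare("INSERT INTO tbl VALUES ($placeholders)");
$ins->execute(@values);

# Rows from a SELECT arrive as array refs; dereference straight into execute().
my $copy = $dbh->prepare("INSERT INTO archive VALUES (?,?,?)");
my $rows = $dbh->selectall_arrayref("SELECT name, email, note FROM tbl");
$copy->execute(@$_) for @$rows;

# Read back what was stored: the hostile string is kept as plain data and
# the row count shows tbl was not dropped.
my ($note)  = $dbh->selectrow_array("SELECT note FROM archive WHERE name = ?",
                                    undef, "O'Brien");
my ($count) = $dbh->selectrow_array("SELECT COUNT(*) FROM tbl");
print "stored note: $note\n";
print "rows in tbl: $count\n";

$dbh->disconnect;
```

Placeholders bind values only; a table or column name taken from a request parameter cannot be bound this way and has to be checked against a fixed list before it goes into the SQL text.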