(jeffa) Re: Coding Errror

Adding to dragonchild's excellent advice, a better way to insert values into a database table is to use bind vars. Instead of using do(), you first prepare() the statement (which uses question marks(?) instead of the values) and then you execute() it:

my $rv = $dbh->prepare("
                insert into table foo
                values (?,?,?,?,?,?,?,?,?,?)
");
$rv->execute(
   'NULL','ME','testing',$from,$url,
   $name,3,$category,$subject,$body,
);
[download]

Now you don't have to worry about quoting the values. Much more portable among different database vendors.

jeffa

L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
F--F--F--F--F--F--F--F--
(the triplet paradiddle)

Comment on (jeffa) Re: Coding Errror Select or Download Code

Replies are listed 'Best First'.
Re: (jeffa) Re: Coding Errror by Fastolfe (Vicar) on Dec 01, 2001 at 03:24 UTC
In addition, `qq{"$value"}` fails in cases like: `$value = 'My "value" here';` `$value = 'Will this work?"; drop table foo;';` Definitely better off using bind variables or using DBI to escape/quote each parameter as you use it.	[reply] [d/l] [select]