in reply to SQL Quoting
DBI's quote method will do this for you ...
- quote
- $sql = $dbh->quote($value);
- $sql = $dbh->quote($value, $data_type);
Quote a string literal for use as a literal value in an SQL statement, by escaping any special characters (such as quotation marks) contained within the string and adding the required type of outer quotation marks.
And if you use placeholders in your do and prepares, the corresponding arguments you pass to execute will automatically be quoted for you.
--k.
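Both approaches from the reply above, side by side, as an added example that is not part of the original post. It assumes DBD::SQLite is installed; the `authors` table, its `name` column and the sample values are hypothetical and constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database keeps this self-contained.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Hypothetical table used only for this example.
$dbh->do('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)');

# Constructed sample values: an embedded apostrophe, and a string that would
# change the statement if it were interpolated into the SQL unquoted.
my @names = ("O'Reilly", "x'); DROP TABLE authors; --");

# Option 1: $dbh->quote escapes the value and adds the outer quotes itself,
# so the SQL text must not wrap the result in quotes a second time.
for my $name (@names) {
    my $sql = 'INSERT INTO authors (name) VALUES (' . $dbh->quote($name) . ')';
    print "quoted SQL: $sql\n";
    $dbh->do($sql);
}

# Option 2: placeholders. The value is handed to execute(), never spliced
# into the SQL string by the caller.
my $sth = $dbh->prepare('INSERT INTO authors (name) VALUES (?)');
$sth->execute($_) for @names;

# do() also takes bind values after the attribute argument.
$dbh->do('INSERT INTO authors (name) VALUES (?)', undef, "D'Arcy");

# Look each value up again: it is stored exactly as supplied and the table
# is still there.
my $lookup = $dbh->prepare('SELECT COUNT(*) FROM authors WHERE name = ?');
for my $name (@names, "D'Arcy") {
    $lookup->execute($name);
    my ($count) = $lookup->fetchrow_array;
    $lookup->finish;
    printf "%-30s stored %d time(s)\n", $name, $count;
}

$dbh->disconnect;
```

`quote` and placeholders only cover values; table and column names still have to come from a fixed list or go through `$dbh->quote_identifier`.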