in reply to mySQL with Perl

Another way to deal with the problem of names with 's in them is to use the quote method. The quote method returns the input string properly quoted and with whatever needs to be escaped escaped. Example:
$query = 'INSERT INTO members (username, password, email, name, url, date) Values ('
    . $dbh->quote($username) . ', '
    . $dbh->quote($password) . ', '
    . $dbh->quote($email) . ', '
    . $dbh->quote($name) . ', '
    . $dbh->quote($url) . ', '
    . $dbh->quote($time) . ')';

Re: Re: mySQL with Perl
by Juerd (Abbot) on Mar 06, 2002 at 18:56 UTC
    "?"-placeholders are a lot cleaner, and use the same quote() internally.

    $sth = $dbh->prepare('SOME QUERY WITH (' . $dbh->quote($foo) . ', ' . $dbh->quote($bar) . ')');
    $sth->execute();

    ###

    $sth = $dbh->prepare('SOME QUERY WITH (?, ?)');
    $sth->execute($foo, $bar);

    ### And if you really, really want to quote() yourself,
    ## at least use join and map to make easy additions
    # possible:

    $sth = $dbh->prepare('SOME QUERY WITH (' .
        join(', ', map $dbh->quote($_),
            $username, $password, $email, $name, $url, $time
        ) .
    ')');

    # But still, placeholders ARE better!

    ++ vs lbh qrpbqrq guvf hfvat n ge va Crey :)
    Nabgure bar vs lbh qvq fb jvgubhg ernqvat n znahny svefg.
    -- vs lbh hfrq OFQ pnrfne ;)
        - Whreq
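
An added example, not part of either post in this thread: the same insert done three ways against a name containing an apostrophe, showing the interpolated statement failing while quote() and "?" placeholders both store the value intact. It assumes DBD::SQLite with an in-memory database standing in for MySQL so that it runs offline; the two-column table and the sample names are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database (DBD::SQLite) stands in for MySQL
# so the script runs offline; the DBI calls are the same with DBD::mysql.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Cut-down version of the thread's members table (constructed for this example).
$dbh->do('CREATE TABLE members (username TEXT, name TEXT)');

# Constructed sample input: names containing a quote character.
my @members = (
    [ 'pat', "Pat O'Neil" ],
    [ 'sam', "Sam D'Angelo" ],
);
my ($user, $name) = @{ $members[0] };

# 1. Naive interpolation: the apostrophe ends the string literal early,
#    so the statement no longer parses and the driver raises an error.
my $ok = eval {
    $dbh->do("INSERT INTO members (username, name) VALUES ('$user', '$name')");
    1;
};
print 'interpolated: ', ($ok ? "accepted\n" : "rejected ($@)\n");

# 2. quote(): the driver escapes the value and adds the surrounding quotes.
$dbh->do('INSERT INTO members (username, name) VALUES ('
    . join(', ', map { $dbh->quote($_) } $user, $name) . ')');

# 3. Placeholders: the SQL text is fixed and the values are passed to
#    execute(), so user data is never spliced into the statement.
my $sth = $dbh->prepare('INSERT INTO members (username, name) VALUES (?, ?)');
$sth->execute(@{ $members[1] });

# Both names come back exactly as they were supplied.
my $rows = $dbh->selectall_arrayref(
    'SELECT username, name FROM members ORDER BY username');
printf "%-4s %s\n", @$_ for @$rows;

$dbh->disconnect;
```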