in reply to Quote mark in string messing up mySQL INSERT

Either placeholders or use the quote function in DBI.

I would recode your example thus (completely untested and with no warranty):

    sub insertAttribute {
        my ($serverID, $featureID, $value) = @_;
        # quote() each value in place; the loop aliases the variables themselves
        $_ = $dbh->quote($_) for ($serverID, $featureID, $value);
        my $sqlINS = qq{ INSERT INTO attribute VALUES ($serverID, $featureID, $value) };
        $dbh->do($sqlINS);
    }

Remember: $dbh->quote(expression) is your friend.

Re: Re: Quote mark in string messing up mySQL INSERT
by shoez (Sexton) on Dec 13, 2002 at 00:23 UTC
    Using $dbh->quote or placeholders will also prevent you from suffering SQL injection attacks... which could clear out your database if you're unlucky!
    tom
      Is it safe to use apostrophes instead of quotes? In the past I have always done:
      $dbh->do("insert into mytable values('$myStringWhichPossiblyContainsQuotes', '$another string', ...)");
      Rohit
        Nope!!
        What if your variables contain apostrophes? Or other 'nasty' characters?

        Stick with either $dbh->quote($variable) or use placeholders.
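
The two options recommended throughout this thread, placeholders and $dbh->quote, shown side by side as an added example that is not code from any of the posters. It assumes an in-memory SQLite database (DBD::SQLite) in place of the MySQL server so it runs offline, and the column names and sample values are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite stands in for MySQL; the DBI calls are the same.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });

# Assumed column names; the thread only shows the table name "attribute".
$dbh->do('CREATE TABLE attribute (serverID INTEGER, featureID INTEGER, value TEXT)');

# Placeholders: the statement text is fixed and the values travel separately.
sub insert_with_placeholders {
    my ($serverID, $featureID, $value) = @_;
    my $sth = $dbh->prepare('INSERT INTO attribute VALUES (?, ?, ?)');
    return $sth->execute($serverID, $featureID, $value);
}

# quote(): each value is escaped and wrapped in quotes before interpolation.
sub insert_with_quote {
    my ($serverID, $featureID, $value) = @_;
    $_ = $dbh->quote($_) for ($serverID, $featureID, $value);
    return $dbh->do("INSERT INTO attribute VALUES ($serverID, $featureID, $value)");
}

# Constructed sample values with the characters that break naive interpolation.
my @samples = (
    q{O'Reilly},
    q{it's a "test"; -- with SQL punctuation},
);

my $id = 0;
for my $value (@samples) {
    insert_with_placeholders(1, ++$id, $value);
    insert_with_quote(2, $id, $value);
}

# Every value should come back identical to what was passed in, by both paths.
my $rows = $dbh->selectall_arrayref(
    'SELECT serverID, featureID, value FROM attribute ORDER BY featureID, serverID');
for my $row (@$rows) {
    my ($server, $feature, $stored) = @$row;
    my $ok = $stored eq $samples[$feature - 1] ? 'ok' : 'MISMATCH';
    printf "%-8s via %-12s %s\n", $ok, $server == 1 ? 'placeholders' : 'quote()', $stored;
}
$dbh->disconnect;
```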