Re: Replacing a ' in a string

Please use placeholders. Those are like anonymous variables in your SQL, the syntax is a question mark. That way, DBI takes care of all the quoting for you, including the problem you're having now. (You don't put quotes around the question mark.)

As an added benefit, you have to prepare your SQL statement only once, because it no longer contains any variable data. You just execute() the prepared statement with the new data for the placeholders.

The code could look a bit like this — obviously, you must merge it in with what you've got, at the appropriate places:

my $sql = "INSERT INTO mf_forms (CLIENT, RECORD, CONTROL, CUSIP, FROMA
+CCT, F_IND, TOACCT, T_IND) VALUES (?,?,?,?,?,?,?)";
my $sth = $dbh->prepare($sql);
[download]

and foreach record:

$sth->execute($CLIENT, $RECORD, $CONTROL, $CUSIP, $FROMACCT, $F_IND, $
+TOACCT, $T_IND);
[download]

p.s. You may just as well call execute() with an array containing the data.

Comment on Re: Replacing a ' in a string Select or Download Code

Replies are listed 'Best First'.
Re: Re: Replacing a ' in a string by dragonchild (Archbishop) on Feb 06, 2003 at 16:43 UTC
If this is a CGI application, you're going to want to check out prepare_cached(). If you're going to do SELECT statements, see also bind_columns() and fetch(). ------ We are the carpenters and bricklayers of the Information Age. Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.	[reply]