Not really bringing new information into play, but just stressing what the others said: YOU ARE DOING IT WRONG!
The way you use SQL is extremely unsafe, and if you don't change that, you will hear somewhere in the near future "I told you so".
# prepare query my $query = <<"EOSQL"; INSERT INTO closedauctions ( seller, sellerusername, category, title, bids, pounds, description, winningbid, price_per_pound, highbidder, buyerusername, month, day, year, itemnum, filename) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) EOSQL my $sth = $dbh->prepare ($query) or die $sbh->errstr; # Execute query $sth->execute ( $sellername, $sellerusername, $quota, $category, 1, $pounds, $desc, $buyit, $price_per_pound, $buyername, $buyerusername, $month, $day, $year, $form{ITEM}, $cat ) or die $dbh->errstr; # Done inserting $sth->finish; # disconnect from database $dbh->disconnect;
Doesn't that look a lot easier to maintain? Besides that this is safer against attacks, it is also portable. e.g. your code would horribly fail if any of the data variable contans a ".
There is a subtle difference with your code: as you force quotation (which is unreliabvle to say the least) in your statement, undefined values will be stored as an empty string in the database (which should generate tons of warnings if you are running under use strict; and use warnings; (but I fear you are not). In this rewritten example, undefined values are stored as NULL.
One last thing to note that would help you find bugs, it to enable showing DBI errors when they happen:
my $dbh = DBI->connect ($dsn, $user, $pass, { RaiseError => 1, PrintError => 1, ShowErrorStatement => 1, });
In reply to Re: Insert into mysql database
by Tux
in thread Insert into mysql database
by NorCal12
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |