You should use placeholders. Read the perldoc for DBI and DBD::mysql.
    $sth = $dbh->prepare("INSERT INTO walstock (sid, name, qty) VALUES (?, ?, ?)");
    # ok, we have 3 placeholders, pass 3 params to the execute function.
    if ($sth->execute('DEFAULT', $Data1, $Data2)) {
        print "Worked, cool";
    } else {
        print "Didn't work, uncool, error is: $DBI::errstr";
    }
The placeholders, in some cases, speed up your queries, but the main concern is that they escape data properly, which makes for safe queries and little risk of SQL injection attacks. Imagine this ($user_id read from data a user submitted):
    # we expect $user_id to be a user_id, but we don't check it.
    $dbh->prepare("DELETE FROM foo WHERE user_id=$user_id");
    # looks good, except, the user submitted as the value for user_id: 10 or 1=1
    # so we end up with, "DELETE FROM foo WHERE user_id=10 or 1=1"
    # which in effect, deletes everything, because 1 always equals 1
The moral of the story, always use placeholders by default. If you choose not to use them, you know why you aren't using them, and know to verify your data extra carefully. Make using them the default, and think about any time you aren't using them.

(updated, thought of last paragraph after I hit submit, so I added it)
(updated again, removed question about DEFAULT, as it's a valid mysql keyword)

In reply to Re: Problems inserting values in mysql database by cowboy
in thread Problems inserting values in mysql database by ginda
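The two DELETE statements from the reply above, run side by side, as an added example that is not part of cowboy's post. It uses an in-memory SQLite database through DBD::SQLite (assumed to be installed) in place of MySQL, so it runs offline; the table `foo`, its rows, and the input string `10 or 1=1` are constructed for the demonstration. The `is_valid_id` check at the end is a hypothetical helper showing the "verify your data" advice from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Added example: an in-memory SQLite database stands in for MySQL (assumes DBD::SQLite).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE foo (user_id INTEGER, note TEXT)");

# Constructed sample rows with user_id 1..5.
sub fill_table {
    $dbh->do("INSERT INTO foo VALUES (?, ?)", undef, $_, "row $_") for 1 .. 5;
}
sub count_rows { return scalar $dbh->selectrow_array("SELECT COUNT(*) FROM foo") }

# Constructed input that looks like a user_id but carries extra SQL.
my $user_id = "10 or 1=1";

# 1. Interpolation: the input becomes part of the statement text itself.
fill_table();
my $interpolated = "DELETE FROM foo WHERE user_id=$user_id";
print "Statement actually sent: $interpolated\n";
$dbh->do($interpolated);
printf "Rows left after interpolated DELETE: %d\n", count_rows();

# 2. Placeholder: the same input is bound as a single value, never parsed as SQL.
fill_table();
my $sth = $dbh->prepare("DELETE FROM foo WHERE user_id=?");
$sth->execute($user_id);
printf "Rows left after placeholder DELETE: %d\n", count_rows();

# 3. Hypothetical extra check: even with placeholders, reject anything that is
#    not a plain integer before it reaches the database.
sub is_valid_id {
    my ($v) = @_;
    return defined $v && $v =~ /\A[0-9]+\z/;
}
printf "Input '%s' %s the integer check\n",
    $user_id, is_valid_id($user_id) ? "passes" : "fails";

$dbh->disconnect;
```

The interpolated form deletes every row because the `or 1=1` is part of the SQL the server receives; the placeholder form deletes none, because the whole string is compared as one value against `user_id`. The regex check catches the bad input before either query runs, which is the "verify your data" half of the advice for the cases where placeholders alone cannot be used.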
