in reply to escaping special characters in mysql queries

The placeholders "(?,?,?)" already do the quoting for you.
By using an additional $dbh->quote() you quoted your data twice.
Best you stick to using placeholders and drop the additional $dbh->quote().

Cheers, Sören
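
The point of the post above, as an added example that is not part of the original thread: the same strings are inserted once through placeholders alone and once through `$dbh->quote()` plus placeholders, then read back and compared with the input. It assumes an in-memory SQLite database (DBD::SQLite) in place of the MySQL server so that it runs offline; the `notes` table and its columns are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) stands in for the MySQL server
# so the script runs offline; table and column names are hypothetical.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE notes (id INTEGER PRIMARY KEY, how TEXT, body TEXT)');

# Constructed sample strings modelled on the ones in the thread.
my @samples = (
    q{i haven't attended},
    q{be prepared! you can't do that "may be i will do it".},
);

my $ins = $dbh->prepare('INSERT INTO notes (how, body) VALUES (?, ?)');
for my $s (@samples) {
    # Correct: bind the raw value; the driver passes it as data.
    $ins->execute('placeholder only', $s);

    # The mistake from the thread: the output of quote() is bound as data,
    # so the quoting characters it added are stored as part of the value.
    # (DBD::SQLite wraps in '...' and doubles embedded single quotes; the
    # thread's MySQL data shows backslashes instead. Either way the stored
    # value no longer equals the input.)
    $ins->execute('quote() + placeholder', $dbh->quote($s));
}

# Read everything back unmodified and compare with the original input.
my $sel = $dbh->prepare('SELECT how, body FROM notes ORDER BY id');
$sel->execute;
my $row = 0;
while (my ($how, $body) = $sel->fetchrow_array) {
    my $orig = $samples[int($row++ / 2)];    # two rows were written per sample
    printf "%-22s stored=[%s] round-trip=%s\n",
        $how, $body, ($body eq $orig ? 'ok' : 'CHANGED');
}
$dbh->disconnect;
```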

Re^2: escaping special characters in mysql queries
by Anonymous Monk on Nov 22, 2004 at 10:12 UTC
    I have dropped the $dbh->quote() method. Still, I am not happy with my data.
    If my string is: i haven't attended
    the value is stored as 'i haven\'t attended'. When I read this value it gives 'i haven\'t attended'. But I wanted it to be like the original string. Please suggest how I can accomplish this.
    If my string is: i haven't attended. "may be i will do it".
    in the database the value is stored as: i haven\
    Any clues?
    Thanks
    kamesh

      when i read this value it gives 'i haven\'t attended'

      If that's the case, then at the time of writing you inserted \'i haven\\\'t attended.\' to the database;
      meaning it was still quoted twice. I assume that you either have another $dbh->quote() on that value somewhere in your code - or you are looking at old data in the database, not at the freshly inserted data.
      Did you check if the new insert succeeded or maybe failed for some reason?

      The data retrieved from the database (and not quoted after retrieving) should give i haven't attended - no backslashes.

      Update:

      in the database the value is stored as: i haven\

      That data is corrupted. It was inserted as "i haven\\'" - the "'" survived and was interpreted as string terminator because it was oddly quoted: the quoting did not affect it, it only quoted the other backslash. That's strange, it looks like manual tampering to me. If that's not the case, I am at a loss here =(

      Cheers, Sören

        Thanks for the help.
        I have one more question.
        If my string value is: be prepared! you can't do that "may be i will do it".
        the value being stored is: be prepared! you can't do that
        The value is being truncated. Any clues?
        Thanks
        kamesh