That's how apostrophes are escaped in SQL
Actually, that can vary with different dialects of SQL. I've seen versions where you can double quotes in order to escape them and versions where you use '\'. But if you use placeholders or the DBI quote method you don't need to know about that - as it's all hidden within the DBD module that you're using.
--
<http://www.dave.org.uk>
"The first rule of Perl club is you do not talk about
Perl club." -- Chip Salzenberg
And dialect differences aside, depending on the underlying database's implementation, data passed by placeholders may never be seen by the SQL parser, making it that much harder for people to attempt XSS attacks (if it's not passed through the SQL parser, then the black hat doesn't even get an opening to play "What's my quoting mechanism?").
--
We're looking for people in ATL
Hello,
I tried to use placeholders, and I am getting the following error:
ORA-01008: not all variables bound (DBD ERROR: error possibly near <*> indicator......
Here is my code:
use DBI;
use DBD::Oracle qw(:ora_types);
use DBD::ODBC;
use Getopt::Long;

main();

###########################################################
sub main
{
    # source database (ODBC DSN taken from $DSN)
    $dbh = DBI->connect("dbi:ODBC:$DSN");
    $sqlstatement = "SELECT * from test_table";
    $dbh->{LongReadLen} = 140000;
    $sth = $dbh->prepare($sqlstatement);
    $sth->execute ||
        die("Could not execute SQL statement ... maybe invalid?");
    $row_access = 0;
    while (@row = $sth->fetchrow_array)
    {
        $c1 = func("COL1", 0, 1);
        $c2 = func("COL2", 1, 2);
        $INSERT_SQL = "INSERT INTO trg_table(" .
                      "column1," .
                      "column2" .
                      ") VALUES " .
                      "(?," .
                      "?)";
        # $LDA_DB is the target-database handle; it is not connected anywhere in the posted code
        $INSERT_CURSOR = $LDA_DB->prepare($INSERT_SQL);
        # the statement has two placeholders, but execute() is called with no bind values
        $rv = $INSERT_CURSOR->execute();
        $INSERT_CURSOR->finish;
        $row_access++;
    }
    $INSERT_CURSOR->finish;
    $LDA_DB->disconnect;
    close(W);
}
###########################################################
sub func
{
    # if there is no value it replaces with " " otherwise it replaces with value.
}
###########################################################
###########################################################
column1, column2 are columns of the target table and COL1, COL2 of the source table.
Can anyone help me with this? While using placeholders, what are all the things I need to keep in mind?
Regards.
Please learn to format your code properly. You're making it incredibly difficult for anyone who wants to help you. This will eventually lead to no-one helping you anymore.
You use placeholders, but you don't give them any values to work on in your call to "execute".
--
<http://www.dave.org.uk>
"The first rule of Perl club is you do not talk about
Perl club." -- Chip Salzenberg
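An added example (not the poster's code and not from the replies) of what the two replies above describe: the INSERT is prepared once, execute() receives one value per "?" on every row, and the dialect-specific escaping of the apostrophe in O'Brien is left to the driver. It assumes DBD::SQLite is installed and uses an in-memory database so it runs offline; the table and column names are the ones from the post, the rows are constructed.

```perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database so the example runs offline (DBD::SQLite assumed installed).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, AutoCommit => 1 });

$dbh->do("CREATE TABLE test_table (COL1 TEXT, COL2 TEXT)");
$dbh->do("CREATE TABLE trg_table  (column1 TEXT, column2 TEXT)");

# Constructed sample rows; the apostrophe in O'Brien is the value that
# breaks SQL strings assembled by hand.
my @sample = ( [ "O'Brien", "x" ], [ "plain", undef ] );
my $seed = $dbh->prepare("INSERT INTO test_table (COL1, COL2) VALUES (?, ?)");
$seed->execute(@$_) for @sample;

# Prepare the INSERT once, outside the loop, and hand execute() one value
# per "?" on every iteration. Calling execute() with no arguments is what
# produces "not all variables bound".
my $ins = $dbh->prepare("INSERT INTO trg_table (column1, column2) VALUES (?, ?)");
my $sel = $dbh->prepare("SELECT COL1, COL2 FROM test_table");
$sel->execute;
while ( my ($c1, $c2) = $sel->fetchrow_array ) {
    # bind values are supplied here; an undef column becomes " " as in the post
    $ins->execute( $c1, defined $c2 ? $c2 : " " );
}

# When a literal has to go into the SQL text, the driver's quote() method
# applies whatever escaping the dialect needs (doubling or backslash).
print "quoted literal: ", $dbh->quote("O'Brien"), "\n";

# A lookup with a placeholder, so the apostrophe never reaches the SQL parser.
my ($n) = $dbh->selectrow_array(
    "SELECT COUNT(*) FROM trg_table WHERE column1 = ?", undef, "O'Brien");
print "rows matching O'Brien: $n\n";

$dbh->disconnect;
```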
I see you didn't take the earlier suggestions on formatting to heart...