Need help in inserting records in MySQL

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I am having trouble inserting records into an MySQL table via browser. I am able to run the script just fine at the unix prompt. I've checked that the parameters are being passed correctly. When I run it via browser, it seems to perform fine but no records were inserted. I don't know what else to check or do. Please help..... Here's the part that doesn't work: note: donorssn is an integer, regdt is a date, everything else is varchar $dbh->do("insert into registration (donorssn,donordob,regdt,donorname,password,question,answer,email,phone) VALUES($ssn,'$dob','$x','$dname','$pwd','$question','$ans','$email','$ph')"); if(!$dbh) { $err = "Error:" . $dbh->errstr . "\n"; } else { $err = " Thank you for registering online

Please contact the Oklahoma Blood Institute at 1-800-827-5693 for more information"; $rpath = "/obi/register.html"; } Any help or suggestions is greatly appreciated. If you would like to try it out or view the complete script, please email me directly at hoayap@swbell.net.

Comment on Need help in inserting records in MySQL

Replies are listed 'Best First'.
Re: Need help in inserting records in MySQL by runrig (Abbot) on Dec 27, 2000 at 12:32 UTC
First see this on formatting your code, like this: `$dbh->do("insert into registration (donorssn,donordob,regdt,donorname,password, question,answer,email,phone) VALUES($ssn,'$dob','$x','$dname','$pwd', '$question','$ans','$email','$ph')"); if(!$dbh) { $err = "Error:" . $dbh->errstr . "\n"; } else { $err = " Thank you for registering online Please contact the Oklahoma Blood Institute at 1-800-827-5693 for more information"; $rpath = "/obi/register.html"; }` [download] You should not be checking the status of $dbh, which should always be a valid database handle after connecting, you should be checking the return value of $dbh->do(...), like so: `my $status = $dbh->do(....); if ($status) { # OK } else { # Error }` [download] Also look at the DBI documentation (and What are placeholders in DBI, and why would I want to use them?) and consider using placeholders/bind values so that you don't have to worry about quoting your arguments or escaping quotes that users might feed you as input. You won't get any efficiency gain in MySQL, but its still a worthwhile thing to do.	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re: Need help in inserting records in MySQL
by runrig (Abbot) on Dec 27, 2000 at 12:32 UTC

this

$dbh->do("insert into registration
  (donorssn,donordob,regdt,donorname,password,
   question,answer,email,phone)
  VALUES($ssn,'$dob','$x','$dname','$pwd',
  '$question','$ans','$email','$ph')");
if(!$dbh) {
 $err = "Error:" . $dbh->errstr . "\n";
} else {
 $err = " Thank you for registering online
  Please contact the Oklahoma Blood Institute
  at 1-800-827-5693 for more information";
  $rpath = "/obi/register.html";
}
[download]

my $status = $dbh->do(....);
if ($status) {
 # OK
} else {
 # Error
}
[download]

What are placeholders in DBI, and why would I want to use them?

[reply]
[d/l]
[select]