in reply to No apostrophe Insert into MySQL

Use placeholders as said before, and use qq or q in lieu of regular quotes. This will help with confusion and escaping single quotes.
$statement = qq{ INSERT INTO Posts(subject,id,heading,body,date,time,approved) VALUES (?,?,?,?,CURDATE(),CURTIME(),1)};
meh.
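
The placeholder advice above, shown next to the interpolated form it replaces, as an added example that is not part of the original thread. It assumes DBD::SQLite with an in-memory database so it runs offline, uses CURRENT_DATE/CURRENT_TIME where the post uses CURDATE()/CURTIME(), and the sample post data is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database stands in for the MySQL server so
# the script runs offline; against MySQL only the DSN and credentials change.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do(q{
    CREATE TABLE Posts (
        subject TEXT, id INTEGER, heading TEXT, body TEXT,
        date TEXT, time TEXT, approved INTEGER
    )
});

# Constructed sample input containing apostrophes.
my %post = (
    subject => q{Don't panic},
    id      => 1,
    heading => q{It's only a quote},
    body    => q{O'Reilly's book says: use placeholders.},
);

# Before: the value is interpolated into the SQL text. The apostrophe ends the
# string literal early, so the statement no longer parses.
my $interpolated = qq{ INSERT INTO Posts(subject) VALUES ('$post{subject}') };
my $ok = eval { $dbh->do($interpolated); 1 };
print "interpolated insert: ", ($ok ? "ok" : "failed: " . $dbh->errstr), "\n";

# After: qq{} keeps the SQL readable and each ? is bound by the driver,
# so the data never becomes part of the SQL text.
my $statement = qq{ INSERT INTO Posts(subject,id,heading,body,date,time,approved)
                    VALUES (?,?,?,?,CURRENT_DATE,CURRENT_TIME,1) };
my $sth = $dbh->prepare($statement);
$sth->execute(@post{qw(subject id heading body)});

# Read the row back to confirm the apostrophes were stored unchanged.
my ($subject, $body) = $dbh->selectrow_array(
    q{ SELECT subject, body FROM Posts WHERE id = ? }, undef, $post{id});
print "stored subject: $subject\n";
print "stored body:    $body\n";

$dbh->disconnect;
```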

Re^2: No apostrophe Insert into MySQL
by intranetman (Acolyte) on Nov 01, 2005 at 16:37 UTC
    Thanks to everyone for their help. I did use a regex to check user input, but placeholders are definitely a good idea. I have my own mod_security rules for SQL injection attacks; however, I will be sure to read Ovid's tutorial, use the DBI quoting facility, and use qq from this point forward. I didn't expect my request to generate so much discussion. Thank you for all the insight; I have much to learn.