gbotzz has asked for the wisdom of the Perl Monks concerning the following question:

My problem is very strange. I am pulling users tweets off of twitter.com and trying to store them into a mysql database. Here is how I created the database: 
CREATE TABLE tweets (
    id int unsigned not null PRIMARY KEY auto_increment,
    published blob,
    content blob,
    link blob
);

[download]
So, it will pull the first 3 tweets and put them in there, but stops at 4. Without the SQL statement it prints the values on the command line. Thank for the help in advance guys! The error I get is 
You have an error in your SQL Syntax; check the manual that correspond
+s with your MYSQL server version to use near 's Nuclear Security Summ
+it -- focusing on solutions top keep nuclear materials away

[download]
#!/usr/bin/perl
use warnings;
use strict;
use XML::RSS;
use LWP::Simple;
use DBI;

my $user="root";
my $password="root";
my $database="forex";

# Connect to the database.
  my $dbh = DBI->connect("DBI:mysql:database=forex;host=localhost",
                         "root", "root",
                         {'RaiseError' => 1});


# Get the source file
my $source = get("http://twitter.com/statuses/user_timeline/813286.rss
+");

# Create a new XML:RSS object
my $rss = new XML::RSS (version => '2.0');

# Parse the file into the XML::RSS object
$rss->parse($source);

# For example print titles and links of each RSS item
foreach my $item (@{$rss->{'items'}}) 
{
my $published = $item->{'pubDate'};
my $content = $item->{'title'};
my $link = $item->{'link'};
#print $published . "\n";
#print $content . "\n";
#print $link . "\n\n";
my $sth=$dbh->prepare("INSERT INTO tweets (published, content, link) V
+ALUES ('$published', '$content', '$link')");
$sth->execute();
}

[download]

Replies are listed 'Best First'.
Re: Tweets to a database
by MidLifeXis (Monsignor) on Apr 15, 2010 at 16:31 UTC
    Hello, my name is Bobby Tables. You dropped my database. Prepare to cry. --Princess Bride, sort of ;-)

    Your SQL is open for injection attacks. The single quote in the 4th tweet is causing the SQL syntax to be invalid. Use SQL placeholders instead.

    References

    My wife is walking for a cure for MS. Please consider supporting her.

[reply]
Re: Tweets to a database
by toolic (Bishop) on Apr 15, 2010 at 16:26 UTC 
    my $sth=$dbh->prepare("INSERT INTO tweets (published, content, link) V
+ALUES ('$published', '$content', '$link')");

    [download]
    Update: I was wrong... just ignore:

    I think your single quotes are preventing variable interpolation. Try: 

    my $sth=$dbh->prepare("INSERT INTO tweets (published, content, link) V
+ALUES ($published, $content, $link)");

    [download]
[reply]
[d/l]
[select]
      I think your single quotes are preventing variable interpolation.
      I think not. What makes you think that single quotes inside strings have a special meaning? The single quotes in 
      "INSERT INTO tweets (published, content, link) VALUES ('$published', '
+$content', '$link')"

      [download]
      are just single quotes. They aren't any more special than the e's or the commas in the string.
[reply]
[d/l]
      Thanks. I already tried that, I get the same error and it won't insert anything. With the single quotes it atleast puts 3 tweets in the database. I have tried TEXT and BLOB with no luck too.
[reply]

Back to Seekers of Perl Wisdom