in reply to SQL Insert with blank in the middle

See quote but better would be to use a parameter:

$dbh2->do("INSERT INTO PerlTest (Postcode,street_column,streetCount) V
+ALUES ('',?,0)", undef, $mystreet);

[download]

Replies are listed 'Best First'.
Re^2: SQL Insert with blank in the middle
by CountZero (Bishop) on Jul 08, 2010 at 08:19 UTC
    ALWAYS use parameters EVERYWHERE: 
    $dbh2->do("INSERT INTO PerlTest (Postcode,street_column,streetCount) V
+ALUES (?,?,?)", undef, '', $mystreet, 0);

    [download]

    CountZero

    A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

[reply]
[d/l]
      ALWAYS use parameters EVERYWHERE
      Yeah, except of course where you can't. Note the OPs problem is having a space in the column name, with the column name stored in a variable. I do not know any engine that allows a placeholder for a column name. (In the OPs case, I wonder if the $_ for the column name is actually correct, but I do want to point out that you cannot use parameter EVERYWHERE. Table names are an other example of where you cannot use parameters.)
[reply]

        and the proper way to quote an identifier e.g., a column name is quote_identifier.

[reply]
        When can't you? It's perfectly possible to dynamically generate parameterized queries, even.
[reply]

      For constants? Why? Why would you want to force both the server and the client to do more work?

      You should definitely use placeholders for data coming from outside, but I don't see any reason to use them for literal constants.

      Jenda
      Enoch was right!
      Enjoy the last years of Rome.

[reply]
        Why?
        • Orthogonality
        • To avoid mistakes
        • Easier to read
        • Looks nicer
        • ...

        :-)

        CountZero

        A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

[reply]
        Thanks everyone for your input. This works like a charm - thanks a lot. 
        $mystreet=$_;
$dbh2->do("INSERT INTO PerlTest (Postcode,Street,streetCount) VALUES (
+?,?,?)", undef, '', $mystreet, 0);

        [download]

        Not sure what "undef" does though. I also dont understand why putting it into a variable makes it work as it seems to need quotes around it so it doesnt split it into two words, as in the "high" and "street" example. Street is a just a varchar for info and it was on sql server for anybody else coming to this topic. 
        CREATE TABLE [dbo].[PerlTest](
    [Postcode] [varchar](50) NULL,
    [Street] [varchar](50) NULL,
    [streetCount] [int] NULL
) ON [PRIMARY]

        [download]
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom