Also see DBI about the $dbh->quote() method to quote values. I still prefer placeholders though.

Re^3: cleaning up sql from file
by ag4ve (Monk) on Oct 17, 2010 at 20:21 UTC

    Heh, I forgot to log in before posting.

    Why didn't I think of that?

    $word[ $count ] =~ s/\'/\\\'/g;

    I suppose I could make it look cleaner with

    s|\'|\\\'|g

    But this works great. The DBI quote or quote_identifier might have worked as well, but it failed the first run and the regex worked, so I'll use what worked.

    Thanks again.

      Your approach fails if you need to insert the following data:

      O\'Hara

      Your routine will expand that to

      O\\'Hara

      ... which is, again, invalid. SQL injection is hard to prevent if you're interpolating arbitrary data.
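Added example, not code from anyone in this thread: the regex from the reply above, $dbh->quote() and a placeholder (the two options from the top post) run side by side against the same inputs, including the O\'Hara case from the last reply. It assumes DBD::SQLite is installed and uses an in-memory database so it runs offline. One caveat the thread does not spell out: backslash-before-quote is a MySQL-ism. SQLite and standard SQL do not treat backslash as an escape, so the regex path fails here even for a plain O'Hara; on MySQL that first case would pass and O\'Hara, turned into 'O\\'Hara', would fail as the reply says. quote() and the placeholder work on both.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# The substitution from the thread, as a function so the three approaches line up.
sub backslash_escape {
    my ($s) = @_;
    $s =~ s|'|\\'|g;
    return $s;
}

# Assumption: DBD::SQLite is available. An in-memory database keeps this self-contained.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 } );
$dbh->do('CREATE TABLE people (name TEXT)');

# Constructed sample input: a plain apostrophe, and the O\'Hara case from the thread.
my @inputs = ( "O'Hara", "O\\'Hara" );

# Run one INSERT, report whether the database accepted it, and keep going on failure.
sub try_insert {
    my ( $label, $sql, @bind ) = @_;
    my $ok = eval { $dbh->do( $sql, undef, @bind ); 1 };
    my $err = $ok ? 'ok' : "FAIL: $@";
    $err =~ s/\s+at\s+\S+\s+line\s+\d+\.?\s*$//;    # drop the "at script line N" suffix
    printf "  %-12s %-48s %s\n", $label, $sql, $err;
}

for my $name (@inputs) {
    print "input: $name\n";

    # 1. Hand-rolled escaping: the value is spliced into the SQL text.
    my $escaped = backslash_escape($name);
    try_insert( 'regex', "INSERT INTO people (name) VALUES ('$escaped')" );

    # 2. $dbh->quote(): the driver escapes the way this database expects (here: doubling the quote).
    try_insert( 'quote()',
        'INSERT INTO people (name) VALUES (' . $dbh->quote($name) . ')' );

    # 3. Placeholder: the value never becomes part of the SQL text at all.
    try_insert( 'placeholder', 'INSERT INTO people (name) VALUES (?)', $name );
}

# Only the quote() and placeholder rows are stored, and each round-trips unchanged.
my $rows = $dbh->selectcol_arrayref('SELECT name FROM people ORDER BY rowid');
print "stored: ", join( ' | ', @$rows ), "\n";
```

The regex path produces a statement like INSERT INTO people (name) VALUES ('O\'Hara'), which SQLite rejects as a syntax error; the other two store O'Hara and O\'Hara exactly as given. Of the two that work, placeholders are the one to reach for: quote() still builds the statement from data, whereas a bound value cannot change the statement's structure.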