in reply to Re^2: cleaning up sql from file
in thread cleaning up sql from file

heh, i forgot to login before posting

why didn't i think of that

$word[ $count ] =~ s/\'/\\\'/g;

i suppose i could make it look cleaner with

s|\'|\\\'|g

but this works great. the dbi quote or quote_identifier might have worked as well but it failed the first run and the regex worked, so i'll use what worked

thanks again

Re^4: cleaning up sql from file
by Corion (Patriarch) on Oct 17, 2010 at 20:25 UTC

    Your approach fails if you need to insert the following data:

    O\'Hara

    Your routine will expand that to

    O\\'Hara

    ... which is, again, invalid. SQL injection is hard to prevent if you're interpolating arbitrary data.
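The failure described in the reply above, next to DBI placeholders and `quote`, as an added example that is not code from either poster. It assumes DBD::SQLite is installed; the in-memory database and the `people` table are hypothetical stand-ins, and the sample names are constructed.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available. The in-memory database and the
# "people" table are hypothetical stand-ins for the real target.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE people (name TEXT)');

# Constructed sample values: a plain apostrophe and the counterexample
# from the reply (the data itself contains backslash + apostrophe).
my @names = ("O'Hara", "O\\'Hara");

# 1. The regex from the thread, interpolated into the statement text.
#    Only the counterexample is tried: the existing backslash pairs up
#    with the one the regex adds, so the apostrophe closes the literal.
{
    (my $escaped = $names[1]) =~ s/\'/\\\'/g;
    my $sql = "INSERT INTO people (name) VALUES ('$escaped')";
    my $ok  = eval { $dbh->do($sql); 1 };
    printf "interpolated: %s\n  -> %s\n", $sql,
        $ok ? 'accepted' : 'rejected by the SQL parser';
}

# 2. Placeholders: the statement text never contains the data, so no
#    escaping rule has to be guessed for the database in use.
my $sth = $dbh->prepare('INSERT INTO people (name) VALUES (?)');
$sth->execute($_) for @names;

my $stored = $dbh->selectcol_arrayref(
    'SELECT name FROM people ORDER BY rowid');
for my $i (0 .. $#names) {
    printf "placeholder:  %-8s -> stored as %-8s (%s)\n",
        $names[$i], $stored->[$i],
        $stored->[$i] eq $names[$i] ? 'round-trips' : 'MISMATCH';
}

# 3. $dbh->quote() applies the connected driver's own quoting rules to a
#    value when a placeholder cannot be used. quote_identifier() is for
#    table and column names, not for data.
printf "quote():      %-8s -> %s\n", $_, $dbh->quote($_) for @names;

$dbh->disconnect;
```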