in reply to MySQL INSERT in Perl

When you print $ins_rec to your screen what do you get? Could you post the exact output of printing $ins_rec?

You should be using placeholders. Use DBI, prepare the statement, and then execute it by including the bind values as $sth->execute() bind params.

What I expect to find when you show us the contents of $ins_rec is something in your big string full of interpolation sending an unescaped metacharacter to MySQL that corrupts the SQL query statement. That, along with the potential for intentional SQL injection attacks is why Placeholders and Bind Values exist (well, efficiency and convenience too).

Per your OP update: I realize you're using DBI, but you may not be using it safely. You have to either use DBI's quote() method on the data you're instering, or you rework your prepare() to use placeholders, and your execute() to provide the bind values.


Dave

Replies are listed 'Best First'.
Re^2: MySQL INSERT in Perl
by baperl (Sexton) on Aug 04, 2011 at 14:32 UTC
    hi Dave, I've updated the code and $ins_rec prints nothing
[reply]

      "I've updated the code and $ins_rec prints nothing"

      That's a big problem, right? So you now have two jobs:

      First: find out why $ins_rec is empty when you try to send an INSERT to MySQL.

      Second: Convert your program to use placeholders so that you are not subjecting yourself to possibly corrupt SQL or SQL injection attacks due to unescaped metacharacters.


      Dave

[reply]
        hi Dave, I got it to work, and the $ins_rec is printing what it should. the insert is also working, and I checked the database to make sure it is all correct, and it is. however, I get this error message for the do(): 
        DBD::mysql::db do failed: Unknown column 'N' in 'field list' at otest.
+pl line 52.

        [download]
        I just posted the revised code in my new reply.
[reply]
[d/l]

In Section Seekers of Perl Wisdom