I'm inserting info into a DB:
    #!/usr/bin/perl -wT
    use strict;
    use CGI;
    use DBI;
    use CGI::Carp qw(fatalsToBrowser);

    my $upload_dir = "/home/mine/upload";
    my $query      = new CGI;
    my $filename   = $query->param("filename");
    my $to         = $query->param("to");
    my $from       = $query->param("from");
    my $expire     = $query->param("expire");
    my $comments   = $query->param("comments");
    my $uldate     = time;
    my $expdate;

    # Expiry is 1, 2 or 3 days after the upload time
    if ($expire eq 1) {$expdate = $uldate + 86400;}
    if ($expire eq 2) {$expdate = $uldate + 172800;}
    if ($expire eq 3) {$expdate = $uldate + 259200;}
    if ($expire !~m/^(1|2|3)$/) {
        print "Content-type: text/html\n\nDon't tamper with me!";
        die;
    }

    # Strip any directory part from the client-supplied file name
    $filename =~ s/.*[\/\\](.*)/$1/;

    ##Start database connections ##############################
    my $database  = "live_databox";
    my $db_server = "localhost";
    my $user      = "user";
    my $password  = "pass";

    ##Connect to database, insert statement, & disconnect #####
    my $sth;
    my $dbh = DBI->connect("DBI:mysql:$database:$db_server", $user, $password);

    # The column names to and from are unquoted here; this is the statement
    # that produces the syntax error discussed below.
    my $statement = "INSERT INTO databox (filename,to,from,comments,uldate,expdate) VALUES (?,?,?,?,?,?)";

    # Method calls do not interpolate inside a string, so errstr is concatenated
    $sth = $dbh->prepare($statement)
        or die "Couldn't prepare the query: " . $dbh->errstr;
    my $rv = $sth->execute($filename,$to,$from,$comments,$uldate,$expdate)
        or die "Couldn't execute query: " . $dbh->errstr;
    $sth->finish;
    $dbh->disconnect;
    #########################################################

    # Copy the uploaded file into the upload directory
    my $upload_filehandle = $query->upload("filename");
    open UPLOADFILE, ">$upload_dir/$filename";
    binmode UPLOADFILE;
    while ( <$upload_filehandle> ) {
        print UPLOADFILE;
    }
    close UPLOADFILE;


I'm getting an error telling me:

 "Couldn't execute query: You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'to,from,comments,uldate,expdate) VALUES ('image.jpg','Bob','Judy','t','1 at upload.pl line 60.

Is there something wrong with the way I'm using placeholders? I have other scripts almost identical to this and they run fine.

UPDATE: I figured it out, to and from are SQL keywords! This caused the SQL statement to be completely wrong and error out. Changed 'to' to 'data_to' and 'from' to 'data_from'. Now this script works!!!
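An added example, not part of the original post: placeholders bind values only, so a column name that is a reserved word has to be renamed (as above) or quoted as an identifier. This sketch uses DBI's quote_identifier on a fixed list of column names; it assumes DBD::SQLite with an in-memory database as an offline stand-in for the MySQL server, and the sample row is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite stands in for MySQL so the example runs offline.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });

# Fixed allow-list of column names; identifiers are never taken from CGI input.
my @columns = qw(filename to from comments uldate expdate);

# quote_identifier() applies the driver's own identifier quoting
# (backticks under DBD::mysql, double quotes under DBD::SQLite).
my $table  = $dbh->quote_identifier('databox');
my @quoted = map { $dbh->quote_identifier($_) } @columns;

$dbh->do("CREATE TABLE $table (" . join(", ", @quoted) . ")");

# Build an INSERT with one placeholder per column.
sub insert_sql {
    my (@cols) = @_;
    return sprintf "INSERT INTO %s (%s) VALUES (%s)",
        $table, join(",", @cols), join(",", ("?") x @cols);
}

# Constructed sample row, modelled on the values in the error message.
my @row = ('image.jpg', 'Bob', 'Judy', 't', time(), time() + 86400);

# Unquoted reserved words: the statement is rejected before any value is bound.
my $ok = eval { $dbh->prepare(insert_sql(@columns))->execute(@row); 1 };
print "unquoted: ", ($ok ? "ok" : "failed: $@"), "\n";

# Quoted identifiers: the same placeholders and values now go through.
$dbh->prepare(insert_sql(@quoted))->execute(@row);
my ($to, $from) = $dbh->selectrow_array(
    "SELECT " . join(",", @quoted[1, 2]) . " FROM $table");
print "quoted: inserted to=$to from=$from\n";

$dbh->disconnect;
```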

In reply to What is wrong with this DB insert, place holder problem? by awohld
