Re: question mark?

The "?" when used with DBI in a PREPARE statement is a placeholder, letting you do cool things like this:

my $sth = $dbh-> prepare ("select * from sometable where id=?");
$sth->execute("12345");
[download]

When $sth is executed, any values passed to "execute" replace the question marks in the preprared SQL statement in the order the question marks appear. In this case: "select * from sometable where id="12345" is what gets executed. There's lots of good docs on this in the DBI documentation.

Anyway, that's what your problem is. If you don't want the questions marks to be interpreted incorrectly, use this:

$command = $dbh->quote($command);
[download]

...which should happily quote out all the bad stuff for you (question marks aren't the only characters that'll screw you up) and keep the NULLS from getting inserted.

Gary Blackburn
Trained Killer

Comment on Re: question mark? Select or Download Code

Replies are listed 'Best First'.
Re: Re: question mark? by Monolith-0 (Beadle) on Apr 29, 2001 at 06:07 UTC
Ah, thanks. Wait... now none of my SQL commands work if I add it after `my ( $command )=@_;` If that's not where I'm supposed to use it, I can't figure out how then. - Monolith	[reply]
Re: Re: Re: question mark? by Trimbach (Curate) on Apr 29, 2001 at 08:25 UTC
Hmmm... on further examination it looks like you're trying to pass an arbitrary SQL statement to your sub and expect it to be executed. I assume you know this is generally a bad idea (why are you using a script to do this if you can access the DB through a shell? And if you can't access the DB via a shell and want to issue commands to the DB remotely, your technique is incredibly insecure...) but nevertheless it's complicating your "quoting" problems. $dbh->quote() is really designed to correctly escape the values in an SQL statement, not an entire statement at once. As things stand you have no way of picking out the values (the things that need quoting) from the commands (the things that should be passed to the DB just as they are.) You may need to consult your DB documentation and resort to a series of REGEX's to seek out and properly quote the funky characters in your arbitrary SQL string. $dbh->quote() is normally smart enough to do this for you, but not when you're trying to process an entire string at once. Gary Blackburn Trained Killer	[reply]