PerlMonks  

Re: Need help escaping literal string

by davido (Archbishop)
on Nov 15, 2012 at 01:32 UTC (#1003914=note)


in reply to Need help escaping literal string

DBI Placeholders and Bind Values.

Placeholders and bind values are safer than trying to escape the dangerous characters when constructing a query.


Dave


Re^2: Need help escaping literal string
by mrras25 (Acolyte) on Nov 15, 2012 at 01:47 UTC

    Thank you for the reply

    How exactly would I do it? Let's say I have a value of
    while(@values = $sth->fetchrow_array) { print "$values[8]\n"; }
    the return value of that is: /vol/enycmmcfl01b_ssd2_home_1b_a/CBirbigl$'s
    As you can see, if I try to take that value and insert it into an insert statement to execute through Perl
    my $insert = "insert into dbtable (vol) values ('$values[8]')";
    the insert statement will now fail because it will look like
    insert into dbtable (vol) values ('/vol/enycmmcfl01b_ssd2_home_1b_a/CBirbigl$'s')
    And well, that won't work

      Typically it would look a little like this.

      my $insert = "insert into table (vol) values (?)";
      # do() takes the statement, an attribute hash (undef here), then the bind values
      $dbh->do($insert, undef, $values[8]);

      Generally, the notion is that you never directly put variables into SQL statements.

      mrras25:

      That's why davido mentioned placeholders. It's something like:

      # Prepare a statement...
      my $sth = $dbh->prepare("insert into dbtable (vol) values (?)");
      # q{} keeps $' literal; inside "..." Perl would interpolate the $' variable
      my $funky_string = q{/vol/enycmmcfl01b_ssd2_home_1b_a/CBirbigl$'s};
      $sth->execute($funky_string);

      This way, you don't have to worry about the odd characters inside your statement. Building your own statements like you were trying to do just leads to the difficulties you're experiencing. That's why placeholders were invented.

      ...roboticus

      When your only tool is a hammer, all problems look like your thumb.

        OUTSTANDING folks, thank you for getting back to me. I will give that a whirl and see how that flows...

        Again thanks all
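
The placeholder approach from the replies above, run end to end against the exact value in the question. This is an added example, not code from the original thread; it assumes DBD::SQLite is installed and uses an in-memory database with a `dbtable (vol)` table standing in for the poster's real one.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; the in-memory database is a stand-in.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('create table dbtable (vol text)');

# The value from the thread. q{} keeps both the $ and the ' literal;
# inside "..." Perl would interpolate $' (the post-match variable).
my $vol = q{/vol/enycmmcfl01b_ssd2_home_1b_a/CBirbigl$'s};

# 1) Interpolated statement: the embedded quote ends the SQL literal early,
#    so the driver rejects the statement and RaiseError turns that into die.
my $interpolated = "insert into dbtable (vol) values ('$vol')";
my $ok = eval { $dbh->do($interpolated); 1 };
print "interpolated: ", ($ok ? "succeeded" : "failed: $@"), "\n";

# 2) Placeholder with prepare/execute: the value travels separately from
#    the SQL text, so no character in it can change the statement.
my $sth = $dbh->prepare('insert into dbtable (vol) values (?)');
$sth->execute($vol);

# 3) The same in one call. do() expects the attribute hash (undef here)
#    before the bind values.
$dbh->do('insert into dbtable (vol) values (?)', undef, $vol);

# Read the rows back and confirm the stored value is byte-for-byte the original.
my $rows = $dbh->selectcol_arrayref('select vol from dbtable');
printf "stored %d rows, round trip %s\n", scalar @$rows,
    (grep { $_ ne $vol } @$rows) ? 'MISMATCH' : 'ok';

# 4) Where a statement really has to be assembled as a string, let the
#    driver produce the quoted literal instead of adding quotes by hand.
print "quoted literal: ", $dbh->quote($vol), "\n";

$dbh->disconnect;
```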
