Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

Re: Mysql queries with ' and "

by golux (Hermit)
on Mar 12, 2014 at 20:10 UTC ( #1078085=note: print w/replies, xml ) Need Help??

in reply to Mysql queries with ' and "

Hi fattahsafa,

Just modify your $insert_query first, to escape all occurrences of apostrophe "'":

$insert_query =~ s/'/\\'/g;

This changes each "'" into "\'" (you have to escape the backslash "\" in the regular expression, which why there are two).

Update:   I agree with runrig that $dbh->quote is preferrable (as is using placeholders). On second look my way wouldn't quite work anyway, since you've got apostrophes within the string, though you could still get away with the regex if it didn't contain apostrophes to begin with; eg.:

insert_query = qq{INSERT INTO arabic_corpus (crps_word, crps_count +) VALUES ("$word", "$count")}; $insert_query =~ s/'/\\'/g;
say  substr+lc crypt(qw $i3 SI$),4,5

Replies are listed 'Best First'.
Re^2: Mysql queries with ' and "
by runrig (Abbot) on Mar 12, 2014 at 20:23 UTC
    $insert_query =~ s/'/\\'/g;
    No, the right way would be to use the $dbh->quote() method, or even better, to use placeholders as suggested below.
      Thank you ! Placeholder works well

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1078085]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (5)
As of 2018-05-20 20:03 GMT
Find Nodes?
    Voting Booth?