Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris

Re: SQL Quoting

by Masem (Monsignor)
on Jan 28, 2002 at 19:07 UTC ( #142064=note: print w/ replies, xml ) Need Help??

in reply to SQL Quoting

Are you using DBI? If so, you should use placeholders to specify what gets put into the DB. Before being added, all questionable characters, including single and double quotes, are appropriate escaped to avoid problems.

use DBI; my $dbh = DBI->connect( ... ); my $sth = $dbh->prepare( "INSERT INTO table VALUES ( ?, ?, ? )" ) or d +ie $DBI->errstr; $sth->execute( $name, $address, $comment ) or die $DBI->errstr;
In the case above, the SQL that will be processed is:
INSERT INTO table VALUES ( $name, $address, $comment )
But with $name, $address, and $comment appropriate escaped to avoid problems with quoted characters.

Dr. Michael K. Neylon - || "You've left the lens cap of your mind on again, Pinky" - The Brain
"I can see my house from here!"
It's not what you know, but knowing how to find it if you don't know that's important

Comment on Re: SQL Quoting
Select or Download Code
Replies are listed 'Best First'.
Re: Re: SQL Quoting
by Matts (Deacon) on Jan 28, 2002 at 22:24 UTC
    And the biggest bonus of all: Most modern DB's will cache the statement handle for you so that you can use the same SQL again and again, and it won't have to go through the SQL parsing overhead (not that there's much overhead, but it's still a bonus). Plus you can use $dbh->prepare_cached() if the underlying database doesn't do that for you.

    In summary, always use placeholders. There's simply no reason not to.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://142064]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (3)
As of 2015-11-28 05:11 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (737 votes), past polls