
Using regex to add a single backslash to escape quotes, instead of 2 backslashes or 0

by lancer (Beadle)
on Jul 26, 2012 at 16:48 UTC (#983874=perlquestion)
lancer has asked for the wisdom of the Perl Monks concerning the following question:

Dear All,

I have a function like
    sub sql_escape {
        my $text = shift;
        $text =~ s/'/\'/g;
        $text =~ s/"/\"/g;
        $text =~ s/\\/\\\\/g;
        return $text;
    }

Outputs this: O'REILLY

When I print the result of that in a double quoted string, like so: my $escaped_text = sql_escape ($raw_text); print "$escaped_text" , it prints single quotes without the backslash.

But if I change the function to add another backslash, it starts printing 2 backslashes:

    sub sql_escape {
        my $text = shift;
        $text =~ s/'/\\'/g;
        $text =~ s/"/\\"/g;
        $text =~ s/\\/\\\\/g;
        return $text;
    }

Outputs this: O\\'REILLY

How can I change it to output only 1 backslash?

Re: Using regex to add a single backslash to escape quotes, instead of 2 backslashes or 0
by Corion (Pope) on Jul 26, 2012 at 17:02 UTC

    See the ->quote method of DBI. Do not implement this routine yourself, and even better, use DBI placeholders instead, also documented in DBI.

      Thanks for the suggestion, I was able to replace it with this:

      sub sql_escape {
          my $text = shift;
          $text = DBD::_::db->quote ($text);
          return $text;
      }

      Outputs: O''REILLY

      (This format works with MySQL)

        Why don't you use

        $dbh->quote(...)

        as the documentation suggests?

Re: Using regex to add a single backslash to escape quotes, instead of 2 backslashes or 0
by Anonymous Monk on Jul 26, 2012 at 17:28 UTC

    Pay attention to what Corion has suggested. By implementing this yourself, you are very likely to miss edge cases and grey areas that the DBI implementation has already addressed.

      Thanks Anonymous Monk, I've used Corion's suggestion. I posted it above.
Re: Using regex to add a single backslash to escape quotes, instead of 2 backslashes or 0
by BillKSmith (Chaplain) on Jul 26, 2012 at 18:43 UTC

    Just for fun, here is a fix to your function.

    use strict;
    use warnings;

    my $message = q(O'REILLY);
    my $sql_message = sql_escape( $message);
    print "$sql_message";

    sub sql_escape {
        my $text = shift;
        $text =~ s/'/\\'/g;
        $text =~ s/"/\\"/g;
        return $text;
    }

    Use the module!

      For completeness, here's WHY this fixes your function so you can maybe avoid similar issues in the future.

      $text = "O'REILLY";
      $text =~ s/'/\\'/g;    # $text is now O\'REILLY
      $text =~ s/"/\\"/g;    # Unchanged
      $text =~ s/\\/\\\\/g;  # $text is now O\\'REILLY

      So you properly replace it with a single backslash, but then you tell it to replace all single backslashes with double backslashes. If you wanted to do this properly, move the 3rd line above the 1st. But everyone is right, use the module.

        Wow, thanks for that. Such a basic mistake. :)
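
The advice given throughout this thread (placeholders first, `$dbh->quote` on a connected handle otherwise), as an added example that is not code from any poster. It assumes DBD::SQLite is installed and uses an in-memory database; the `authors` table and the sample names are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; :memory: keeps the example offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Hypothetical table used only for this example.
$dbh->do('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

# Constructed sample values: single quotes, double quotes, backslashes.
my @names = (
    q{O'REILLY},
    q{Say "hi"},
    q{C:\temp\file},
    q{back\slash 'and' "quotes"},
);

# Placeholders: each value is bound separately from the SQL text, so no
# escaping is applied to it and substitution order cannot go wrong.
my $ins = $dbh->prepare('INSERT INTO authors (name) VALUES (?)');
$ins->execute($_) for @names;

# Read every value back through a bound parameter and compare byte for byte.
my $sel = $dbh->prepare('SELECT name FROM authors WHERE name = ?');
for my $name (@names) {
    $sel->execute($name);
    my ($stored) = $sel->fetchrow_array;
    $sel->finish;
    printf "%-28s round-trip %s\n", $name,
        (defined $stored && $stored eq $name) ? 'ok' : 'MISMATCH';
}

# When a literal has to appear in the SQL text itself, quote() on the
# connected handle applies that driver's rules (SQLite doubles single quotes).
for my $name (@names) {
    my $literal = $dbh->quote($name);
    my ($count) = $dbh->selectrow_array(
        "SELECT COUNT(*) FROM authors WHERE name = $literal");
    print "quote() gives $literal, matched $count row(s)\n";
}

$dbh->disconnect;
```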
