Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??

In your post you mention that you're aware of placeholders and bind values, and that you're using selectall_arrayref. So you're probably familiar with the documentation for DBI. And if not, now is a good time to become familiar with it.

Behold: DBI's quote() method.

Quote a string literal for use as a literal value in an SQL statement, by escaping any special characters (such as quotation marks) contained within the string and adding the required type of outer quotation marks.

If your design really prevents you from using proper placeholders and bind-values, DBI's quote method, and its brother, quote_identifier are your lifeboat and paddle.

Next time use placeholders, though. They're easier in the longrun, and less likely to be forgotten, leaving the door open for wonky behavior, difficult to track down bugs, and unpleasant SQL injection attacks.

True anecdotal story here: A "friend" (the kind who is a friend when he gets himself into trouble) called me up one day. He had some sort of database that was being accessed from a PHP application that he wrote via the blog-cut-and-paste method.

"I don't get it...", he said. "Every time one of my users enters a filename with an apostrophe in it the application crashes and I have to go into the database and fix the entry." I took a look at the code. It took me three hours to find all the places in it where he was exposing his database to user supplied data without handling special characters.

When you're done reading DBI, please read Writeup Formatting Tips. A little formatting of your posts will go a long way toward putting people in a better mood when they try to read and answer them.


Dave


In reply to Re: single quote and spaces in where clause of sql query by davido
in thread single quote and spaces in where clause of sql query by prashantktyagi

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others surveying the Monastery: (5)
As of 2024-03-28 16:55 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found