Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

$data{"str$i"} not valid in mysql select?

by Anonymous Monk
on Nov 27, 2013 at 00:42 UTC ( #1064506=perlquestion: print w/replies, xml ) Need Help??
Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

My mysql statement is pretty simple.
$store = qq(INSERT INTO main (creator_name,relationship) VALUES("$ +data{creatorname}","$data{relationship}") );
This works perfectly as it is but I have need to loop over this three times to get all the form variables without actually hardcoding three mysql statements.
$store = qq(INSERT INTO main (creator_name,relationship,reason, em +ail,name,creator_email,creator_url,victim_url,length_of_stay,release_ +date,ip,state) VALUES("$data{creatorname}","$data{relationship}") ); [/code] What I'm trying to do is [code] for (my $i = 0; $i <=3; $i++) { $store = qq(INSERT INTO main (creator_name,relationship) VALUES("$ +data{creatorname}",$data{"relationship$i"}) );
And it errors with the generic "something is bad with your mysql query. Anyone know what I need to do to get $data{relationship$i} to work in this way?

Replies are listed 'Best First'.
Re: $data{"str$i"} not valid in mysql select?
by MidLifeXis (Monsignor) on Nov 27, 2013 at 14:09 UTC

    Since you don't say what the source of the data happens to be, I can only assume that it is coming from a potentially untrusted source. Since that is the baseline assumption, do not interpolate -- use placeholders. See


Re: $data{"str$i"} not valid in mysql select?
by Anonymous Monk on Nov 27, 2013 at 06:48 UTC
    May I recommend using prepared queries?
    $store = qq-INSERT INTO main (creator_name,relationship) VALUES(?, ?)- +; my $sth = $dbh->prepare($store); for my $i (0..3) { $sth->execute($data{creatorname}, $data{"relationship$i"}); # or a nicer syntax using a hash slice: # $sth->execute( @data{ "creatorname", "relationship$i" } ); }
Re: $data{"str$i"} not valid in mysql select?
by Anonymous Monk on Nov 27, 2013 at 00:44 UTC
    Ahh man I messed up that post. Please ignore the long $store statement that has all those extra values in it, I meant to clean those up.
      I suspect I might know the answer. But before I commit, having the actual error. Would be extremely helpful.


      #!/usr/bin/perl -Tw
      use Perl::Always or die;
      my $perl_version = (5.12.5);
      print $perl_version;

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1064506]
Approved by toolic
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (5)
As of 2017-12-11 10:08 GMT
Find Nodes?
    Voting Booth?
    What programming language do you hate the most?

    Results (289 votes). Check out past polls.