
Re: Re: Quote mark in string messing up mySQL INSERT

by shoez (Sexton)
on Dec 13, 2002 at 00:23 UTC


in reply to Re: Quote mark in string messing up mySQL INSERT
in thread Quote mark in string messing up mySQL INSERT

Using $dbh->quote or placeholders will also prevent you from suffering SQL injection attacks... which could clear out your database if you're unlucky!

tom
Re: Re: Re: Quote mark in string messing up mySQL INSERT
by Cmdr_Tofu (Scribe) on Dec 13, 2002 at 04:10 UTC
    Is it safe to use apostrophes instead of quotes? In the past I have always done:
    $dbh->do("insert into mytable values('$myStringWhichPossiblyContainsQuotes', '$another string', ...)");
    Rohit
      Nope!!
      What if your variables contain apostrophes? Or other 'nasty' characters?

      Stick with either $dbh->quote($variable) or use placeholders.
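
The three approaches discussed in this thread side by side, as an added example that is not part of the original posts. It assumes an in-memory SQLite database through DBD::SQLite so it runs offline (the thread's database is MySQL, where the same DBI calls apply); the table layout and sample values are constructed.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite with an in-memory database stands in for MySQL.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE mytable (name TEXT, note TEXT)');

# Constructed sample input; both values contain an apostrophe.
my ($name, $note) = ("O'Brien", "it's a test");

# 1. Interpolation inside '...': the apostrophe in the data ends the SQL
#    string literal early, so the data is parsed as SQL and the
#    statement is rejected.
my $ok = eval {
    $dbh->do("INSERT INTO mytable VALUES ('$name', '$note')");
    1;
};
print 'interpolated: ', ($ok ? "inserted\n" : "failed: $@");

# 2. $dbh->quote: the driver escapes the value and adds the surrounding
#    quotes itself, so the SQL text contains no quote characters of ours.
my $sql = sprintf 'INSERT INTO mytable VALUES (%s, %s)',
    $dbh->quote($name), $dbh->quote($note);
$dbh->do($sql);

# 3. Placeholders: the values are bound separately from the SQL text and
#    are never parsed as SQL.
my $sth = $dbh->prepare('INSERT INTO mytable VALUES (?, ?)');
$sth->execute($name, $note);

# Only the rows from approaches 2 and 3 exist, with the apostrophes intact.
my $rows = $dbh->selectall_arrayref('SELECT name, note FROM mytable');
print join(' | ', @$_), "\n" for @$rows;

$dbh->disconnect;
```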
