Use placeholders in your SQL statements, and let the DBD driver worry about
what is in your input.

ex:

    # $dbh is an already-connected DBI database handle.
    # The ? marks are placeholders: the values go to execute() and are bound
    # by the driver, never spliced into the SQL text, so quotes and commas in
    # them cannot break or alter the statement.
    # 'mytable' stands for your table name (TABLE itself is a reserved word in MySQL).
    my $sth = $dbh->prepare("INSERT INTO mytable (value1, value2) VALUES (?, ?)");
    $sth->execute($value1, $value2);
    $sth->finish();

On Thu, 2002-12-12 at 14:41, james lundeen wrote:
> I "use CGI" in my routines very often and at times need to look at the
> incoming values from forms to make sure that they don't include "'" "," and
> other things that might blow up my connection with the mysql database. Can
> someone please give me a nice piece of reusable code that will read the
> incoming variable and clean up all of the characters that the user might
> have entered that certain programming routines might not like?
> Specifically, I have run into problems if the user has " ' , in the field.
> Maybe there are others too? Any help and code would be appreciated!
> -jimmyjames
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com

Jordan Mclain
http://omega.uta.edu/~jdm6587
817.291.0160
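The following script is an added example, not code from either message in the thread. It puts the interpolated and the placeholder approaches side by side against the exact inputs the question describes. It assumes DBI and DBD::SQLite are installed and uses an in-memory SQLite database so it runs offline; the table, the rows and the three form values are constructed here as stand-ins for what CGI->param() would hand back from a form.

```perl
#!/usr/bin/perl
# Added example (not from the original thread): an interpolated query beside
# its placeholder version, run against the same inputs.  Assumes DBI and
# DBD::SQLite; the database, rows and form values below are constructed.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE users (name TEXT NOT NULL, email TEXT)");

# Storing rows the way the reply suggests: placeholders, values passed to
# execute().  The apostrophe in O'Brien needs no cleaning at all.
my $ins = $dbh->prepare("INSERT INTO users (name, email) VALUES (?, ?)");
$ins->execute("jimmyjames", 'jj@example.com');
$ins->execute("O'Brien",    'ob@example.com');
$ins->finish;

# The unsafe way: the form value is interpolated into the SQL text, so any
# quote character in the value becomes part of the statement.
sub count_interpolated {
    my ($name) = @_;
    my $sql = "SELECT COUNT(*) FROM users WHERE name = '$name'";
    my $n = eval { ($dbh->selectrow_array($sql))[0] };   # RaiseError dies on bad SQL
    return defined $n ? $n : "SQL error";
}

# The safe way: the SQL text is fixed at prepare() time and the value is
# bound separately, so the driver never parses it as SQL.
sub count_with_placeholder {
    my ($name) = @_;
    my $sth = $dbh->prepare("SELECT COUNT(*) FROM users WHERE name = ?");
    $sth->execute($name);
    my ($n) = $sth->fetchrow_array;
    $sth->finish;
    return $n;
}

# Constructed inputs: a plain value, the apostrophe case from the question,
# and a value crafted so that, when interpolated, it rewrites the WHERE clause.
for my $name ("jimmyjames", "O'Brien", "' OR '1'='1") {
    printf "%-14s interpolated: %-9s placeholder: %s\n",
        "[$name]", count_interpolated($name), count_with_placeholder($name);
}

$dbh->disconnect;
```

Running it shows the two failure modes the question is really about. With the interpolated query, O'Brien produces a syntax error (the statement ends at the apostrophe), and the crafted value turns the condition into `name = '' OR '1'='1'`, which matches every row. With the placeholder, O'Brien is found as the one row that was stored, and the crafted value matches nothing because it is compared as a literal string. Nothing in the input needed to be stripped or escaped; the driver handles the quoting, which is why a hand-written "clean up the characters" routine is both unnecessary and easy to get wrong.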