Greg Jetter wrote:
> my $query = "insert into  tablename 
> (atablenaem1,atablename2,atablename3)VALUES($SubjPerform,$somthing2,
> $somthing3)";
> 
> 
> # insert  stuff in the db
> 
> $dbh->do($query) or die "$DBI::errstr";

To prevent SQL injection, etc., it's strongly recommended that you use
placeholders, which will automatically escape user-provided input for you.

my $query = "insert into tablename (atablenaem1,atablename2,atablename3)
values (?, ?, ?)";
# do() takes ($statement, \%attr, @bind_values); pass undef for \%attr
$dbh->do($query, undef, $SubjPerform, $somthing2, $somthing3)
    or die "$DBI::errstr";

See
http://search.cpan.org/~timb/DBI-1.57/DBI.pm#Placeholders_and_Bind_Values
for details.

Hope this helps,
Ricky
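
The difference between the two forms in this thread, as an added example that is not part of the original messages. It goes slightly beyond the reply by using prepare/execute. It assumes DBD::SQLite is installed; the `results` table, its columns and the sample input are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database stands in for
# the real one. Table and column names are hypothetical.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do("create table results (subj text, score text, note text)");

# Constructed sample input, as it might arrive from a form field.
my @input = ("O'Brien", "42", "it's 100% done; -- see notes");

# Interpolated form (as in the quoted code): the values become part of the
# SQL text, so the apostrophe in the first value ends the string literal
# early and the statement no longer parses as intended.
my $unsafe = "insert into results (subj, score, note) "
           . "values ('$input[0]', '$input[1]', '$input[2]')";
my $ok = eval { $dbh->do($unsafe); 1 };
print "interpolated: ", ($ok ? "executed\n" : "failed: $@");

# Placeholder form: the statement text is fixed and the values are bound
# separately, so quote characters in the data cannot change the statement.
my $sth = $dbh->prepare(
    "insert into results (subj, score, note) values (?, ?, ?)");
$sth->execute(@input);

# The bound values are stored unchanged, quotes and comment markers included.
my $rows = $dbh->selectall_arrayref("select subj, score, note from results");
printf "stored: [%s] [%s] [%s]\n", @$_ for @$rows;
print "row count: ", scalar(@$rows), "\n";

$dbh->disconnect;
```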
