From: "McMahon, Chris" <[EMAIL PROTECTED]>
> Hello again...
>  I'm getting the hang of this, but now:
> 
> $sql = qq{INSERT INTO table VALUES ($port,333,,,0);

While you could use

        $sql = qq{INSERT INTO table VALUES ($port,333,NULL,NULL,0)};

you should not do it this way.

First thing ... you should not use

        INSERT INTO table VALUES (values)

you should always use
        INSERT INTO table (columns) VALUES (values)

What if someone adds a column or reorders the columns?

Second, it's better to use placeholders. That way you can reuse the 
statement and you do not have to worry about SQL Injection attacks:


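# Named columns plus placeholders: values are bound, never pasted into the SQL text
$sql = qq{INSERT INTO table (Port, Foo, Bar) VALUES (?, ?, ?)};
$sth = $dbh->prepare($sql)
  or die "Could not prepare $sql\n";
# One bound value per placeholder, in column-list order
$sth->execute($port, 333, 0)
  or die "Could not execute $sql\n";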

Jenda
===== [EMAIL PROTECTED] === http://Jenda.Krynicky.cz =====
When it comes to wine, women and song, wizards are allowed 
to get drunk and croon as much as they like.
        -- Terry Pratchett in Sourcery
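
An added example, not part of the original message: it shows how bound placeholders handle the two empty columns from the question (undef is stored as NULL) and how a non-numeric value is stored as data instead of changing the statement. It assumes DBD::SQLite is installed; the table name, column names and sample values are constructed.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database keeps this self-contained.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed table with five columns, mirroring the five values in the question.
$dbh->do('CREATE TABLE ports
          (Port INTEGER, Foo INTEGER, Note TEXT, Owner TEXT, Bar INTEGER)');

# Explicit column list and one placeholder per value; prepared once, reused below.
my $sth = $dbh->prepare(
    'INSERT INTO ports (Port, Foo, Note, Owner, Bar) VALUES (?, ?, ?, ?, ?)');

# Binding undef stores SQL NULL, so the empty ",," slots need no special text.
$sth->execute(8080, 333, undef, undef, 0);

# Constructed untrusted value. Interpolated into the SQL string it would rewrite
# the VALUES list; bound to a placeholder it is only ever the content of Port.
my $untrusted = '25,333,NULL,NULL,1) --';
$sth->execute($untrusted, 333, undef, undef, 0);

# Placeholders protect the statement structure; they do not check that the
# value makes sense. Validate separately where a port number is expected.
for my $candidate (8080, $untrusted) {
    my $ok = $candidate =~ /\A\d{1,5}\z/ && $candidate <= 65535;
    printf "%-26s %s\n", "'$candidate'", $ok ? 'valid port' : 'rejected';
}

# Show what was stored: both rows have Bar = 0 and NULL in Note and Owner.
my $rows = $dbh->selectall_arrayref(
    'SELECT Port, Foo, Note, Owner, Bar FROM ports ORDER BY rowid');
for my $row (@$rows) {
    print join(' | ', map { defined $_ ? $_ : 'NULL' } @$row), "\n";
}

$dbh->disconnect;
```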

