On Jun 12, 4:59 am, [EMAIL PROTECTED] (Tom Allison) wrote:
> On Jun 11, 2007, at 7:52 PM, Northstardomus wrote:
>
> > I have a Perl script where I try to strip some data from a web page
> > and insert it into a database. I'm having a problem where, it seems
> > like the method of quoting the data for insertion doesn't seem to be
> > working (as far as escaping the text) and some of the text is ending
> > up getting injected into the SQL command.
> >
> > In this example, I am capturing the paragraphs of text and inserting
> > each HTML paragraph into a new record. What seems to be hanging up
> > the insertion is the "or die" portion of the text. It will also bomb
> > if the text has a word like "don't".
> >
> > I thought the insertion mechanism I'm using would properly escape
> > these special
>
> There are two methods of doing a "safe" insertion that I'm familiar
> with under the DBI module.
> I've never had a problem with either of these. But I've had many
> problems when I don't use these.
>
> Option one:
>
> use the prepare statement
>
>     my $sql = "insert into table(name, address, state) values (?,?,?)";
>     my $sth = $dbh->prepare($sql);
>
>     ...
>
>     $sth->execute($name,$address, $state);
>
> This will automatically do proper escaping of the strings you want to
> insert.
>
> Option Two:
>
> If for some reason it's not practical or possible to use the prepare
> statement then you can use the DBI quote(). However, this is
> generally rare.
>
>     my $sql = "insert into table(name) values (" . $dbh->quote($name) . ")";
>     $dbh->do($sql);
>
> But option one is going to be your best bet.

Sorry if this is a repeat, I haven't seen my latest reply in a couple
hours here:

I replaced the commented code with the following:

    # if ($OK2INSERT) {
    #     $dbh = DBI->connect("DBI:SQLite:dbname=C:/Lanosrep/beW/Perl/HelpPage/area.db", "", "", {'RaiseError' => 1});
    #     print "<br/>Inserting into Database , @values.";
    #     $dbh->do("INSERT INTO area_status (areaID, survey_date, update_time, status ) VALUES ('$values[0]', '$values[1]', '$values[2]', '$values[3]')");
    #     $dbh->disconnect();
    # }
    if ($OK2INSERT) {
        $dbh = DBI->connect("DBI:SQLite:dbname=C:/Lanosrep/beW/Perl/HelpPage/area.db", "", "", {'RaiseError' => 1});
        print "<br/>Inserting into Database , @values.";
        $dbh->prepare('INSERT INTO area_status (areaID, survey_date, update_time, status ) VALUES (?,?,?,?)');
        $dbh->execute('$values[0]', '$values[1]', '$values[2]', '$values[3]');
        $dbh->disconnect();
    }

And I get this error:

    Can't locate object method "execute" via package "DBI::db" at test_script.pl line 182 (#1)
        (F) You called a method correctly, and it correctly indicated a
        package functioning as a class, but that package doesn't define
        that particular method, nor does any of its base classes. See
        perlobj.

    Uncaught exception from user code:
        Can't locate object method "execute" via package "DBI::db" at test_script.pl line 182.
     at test_script.pl line 182

I would think I would have this available just by using DBI???