On Jun 12, 8:48 am, [EMAIL PROTECTED] (Jenda Krynicky) wrote:
> From: "Mumia W." <[EMAIL PROTECTED]>
>
> > On 06/11/2007 06:52 PM, Northstardomus wrote:
> > > [...]
> > > print "<br/>Inserting into Database , @values.";
> >
> > Use the "quotemeta" function to escape special characters
> > that may be in the values.
>
> Please don't!
>
> > my @values_copy = @values;
> > @values = map quotemeta($_), @values;
> >
> > > $dbh->do("INSERT INTO area_status (areaID, survey_date, update_time,
> > > status ) VALUES ('$values[0]', '$values[1]', '$values[2]',
> > > '$values[3]')");
> > > $dbh->disconnect();
> > > }
> > > }
> >
> > Read "perldoc -f quotemeta"
>
> Please do!
>
> The quotemeta() should NOT be used to escape data for the database.
> It was not designed for that and it knows nothing about your
> database. So it will most likely escape too much (it doesn't look too
> professional to display the text with backslashes scattered
> everywhere) and/or it may escape something in a different way than
> the database expects.
>
> Either use the DATABASE SPECIFIC $dbh->quote() or even better use
> $dbh->prepare() and placeholders. That's by far the safest and most
> efficient solution.
>
> Jenda
> ===== [EMAIL PROTECTED] ===http://Jenda.Krynicky.cz=====
> When it comes to wine, women and song, wizards are allowed
> to get drunk and croon as much as they like.
> -- Terry Pratchett in Sourcery

Well, I replaced the commented code below with the prepare method...

    # if ($OK2INSERT) {
    #     $dbh = DBI->connect("DBI:SQLite:dbname=C:/Lanosrep/beW/Perl/ HelpPage/area.db", "", "", {'RaiseError' => 1});
    #     print "<br/>Inserting into Database , @values.";
    #     $dbh->do("INSERT INTO area_status (areaID, survey_date, update_time, status ) VALUES ('$values[0]', '$values[1]', '$values[2]', '$values[3]')");
    #     $dbh->disconnect();
    # }
    if ($OK2INSERT) {
        $dbh = DBI->connect("DBI:SQLite:dbname=C:/Lanosrep/beW/Perl/ HelpPage/area.db", "", "", {'RaiseError' => 1});
        print "<br/>Inserting into Database , @values.";
        $dbh->prepare('INSERT INTO area_status (areaID, survey_date, update_time, status ) VALUES (?,?,?,?)');
        $dbh->execute('$values[0]', '$values[1]', '$values[2]', '$values[3]');
        $dbh->disconnect();
    }

...but I get this error...is there a package I'm missing?

    System error: closing dbh with active statement handles at test_script.pl line 171.
    Can't locate object method "execute" via package "DBI::db" at test_script.pl line 182 (#1)
        (F) You called a method correctly, and it correctly indicated a package
        functioning as a class, but that package doesn't define that particular
        method, nor does any of its base classes. See perlobj.

    Uncaught exception from user code:
        Can't locate object method "execute" via package "DBI::db" at test_script.pl line 182.
     at test_script.pl line 182

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
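
Added example, not part of the original thread or of either poster's code: the prepare()/placeholder approach recommended in the quoted reply, shown next to what quotemeta() and $dbh->quote() do to the same value. It assumes DBD::SQLite is installed and uses an in-memory database; the column types and the sample row are constructed, only the table and column names come from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed. An in-memory database stands in for area.db.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, AutoCommit => 1 });

# Column types are assumed; only the table and column names come from the thread.
$dbh->do("CREATE TABLE area_status
          (areaID TEXT, survey_date TEXT, update_time TEXT, status TEXT)");

# Constructed sample row: the status contains apostrophes, a colon and a period.
my @values = ('A-17', '2007-06-12', '08:48', "O'Brien's lot: closed.");

# quotemeta() escapes regex metacharacters, not SQL: it puts a backslash in
# front of every non-word character. SQLite does not treat backslash as an
# escape character, so the apostrophes would still terminate the string.
print "quotemeta:   ", quotemeta($values[3]), "\n";

# $dbh->quote() applies the driver's own rules: for SQLite it doubles each
# apostrophe and adds the surrounding quotes.
print "dbh->quote:  ", $dbh->quote($values[3]), "\n";

# prepare() returns a statement handle, and execute() is a method of that
# handle. The values are passed as plain variables and never become part
# of the SQL text.
my $sth = $dbh->prepare(
    'INSERT INTO area_status (areaID, survey_date, update_time, status)
     VALUES (?, ?, ?, ?)'
);
$sth->execute(@values);

# Read the row back to confirm the value was stored unchanged.
my ($stored) = $dbh->selectrow_array(
    'SELECT status FROM area_status WHERE areaID = ?', undef, $values[0]
);
print "stored:      $stored\n";
print "round trip:  ", ($stored eq $values[3] ? "ok" : "MISMATCH"), "\n";

$sth->finish;
$dbh->disconnect;
```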