$sth->execute()
and read up on DBI a little more.
The first page of the perldoc shows a synopsis of all the commands.

I frequently have to re-visit these pages to recall what the different functions are.

On Jun 12, 2007, at 1:32 PM, Northstardomus wrote:


On Jun 12, 4:59 am, [EMAIL PROTECTED] (Tom Allison) wrote:
On Jun 11, 2007, at 7:52 PM, Northstardomus wrote:







I have a Perl script where I try to strip some data from a web page
and insert it into a database. I'm having a problem where it seems
like the method of quoting the data for insertion doesn't seem to be
working (as far as escaping the text) and some of the text is ending
up getting injected into the SQL command.

In this example, I am capturing the paragraphs of text and inserting
each HTML paragraph into a new record.  What seems to be hanging up
the insertion is the "or die" portion of the text.  It will also bomb
if the text has a word like "don't".

I thought the insertion mechanism I'm using would properly escape
these special

There are two methods of doing a "safe" insertion that I'm familiar
with under the DBI module.
I've never had a problem with either of these.  But I've had many
problems when I don't use these.

Option one:

use the prepare statement

my $sql = "insert into table(name, address, state) values (?,?,?)";
my $sth = $dbh->prepare($sql);

...

$sth->execute($name,$address, $state);

This will automatically do proper escaping of the strings you want to
insert.

Option Two:

If for some reason it's not practical or possible to use the prepare
statement then you can use the DBI quote().  However, this is
generally rare.

my $sql = "insert into table(name) values (" . $dbh->quote ($name) . ")";
$dbh->do($sql);

But option one is going to be your best bet.

Sorry if this is a repeat, I haven't seen my latest reply in a couple
hours here:

I replaced the commented code with the following:

#    if ($OK2INSERT) {
#        $dbh = DBI->connect("DBI:SQLite:dbname=C:/Lanosrep/beW/Perl/HelpPage/area.db", "", "", {'RaiseError' => 1});
#        print "<br/>Inserting into Database , @values.";
#        $dbh->do("INSERT INTO area_status (areaID, survey_date, update_time, status ) VALUES ('$values[0]', '$values[1]', '$values[2]', '$values[3]')");
#        $dbh->disconnect();
#    }
    if ($OK2INSERT) {
        $dbh = DBI->connect("DBI:SQLite:dbname=C:/Lanosrep/beW/Perl/HelpPage/area.db", "", "", {'RaiseError' => 1});
        print "<br/>Inserting into Database , @values.";
        $dbh->prepare('INSERT INTO area_status (areaID, survey_date, update_time, status ) VALUES (?,?,?,?)');
        $dbh->execute('$values[0]', '$values[1]', '$values[2]', '$values[3]');
        $dbh->disconnect();
    }

And I get this error:

Can't locate object method "execute" via package "DBI::db" at
test_script.pl
        line 182 (#1)
    (F) You called a method correctly, and it correctly indicated a
package
    functioning as a class, but that package doesn't define that
particular
    method, nor does any of its base classes.  See perlobj.

Uncaught exception from user code:
        Can't locate object method "execute" via package "DBI::db" at
test_script.pl line 182.
 at test_script.pl line 182

I would think I would have this available just by using DBI???


--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
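
Added example, not part of the original thread: a self-contained script showing the interpolated insert failing on the kinds of text described above, then the placeholder form with execute() called on the statement handle that prepare() returns. It assumes DBD::SQLite is installed; the in-memory database and the sample rows are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed. An in-memory database stands in
# for the thread's area.db; the table layout follows the INSERT in the post.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE area_status
          (areaID TEXT, survey_date TEXT, update_time TEXT, status TEXT)");

# Constructed sample rows holding the two kinds of text the post says fail.
my @rows = (
    [ 'A1', '2007-06-11', '19:52', q{Crews don't expect delays} ],
    [ 'A2', '2007-06-11', '19:55', q{open($fh, $file) or die "can't open"} ],
);

# Interpolated form (the commented-out do() in the post): the apostrophe in
# the text closes the SQL string literal early, so the statement is rejected.
my @v = @{ $rows[0] };
my $ok = eval {
    $dbh->do("INSERT INTO area_status (areaID, survey_date, update_time, status)
              VALUES ('$v[0]', '$v[1]', '$v[2]', '$v[3]')");
    1;
};
print "interpolated insert rejected: $@" unless $ok;

# Placeholder form: prepare() is called on the database handle and returns a
# statement handle; execute() belongs to that statement handle. The values
# are passed as plain variables, not as single-quoted '$values[0]' strings,
# which Perl would not interpolate.
my $sth = $dbh->prepare("INSERT INTO area_status
    (areaID, survey_date, update_time, status) VALUES (?,?,?,?)");
$sth->execute(@$_) for @rows;

# quote() (option two) yields a literal that is safe to splice into SQL.
print "quote() gives: ", $dbh->quote($rows[0][3]), "\n";

# Read the rows back and compare with what was passed in.
my $stored = $dbh->selectall_arrayref(
    "SELECT areaID, status FROM area_status ORDER BY areaID");
for my $i (0 .. $#rows) {
    my ($id, $status) = @{ $stored->[$i] };
    my $state = $status eq $rows[$i][3] ? "intact" : "CHANGED";
    print "$id $state: $status\n";
}
$dbh->disconnect;
```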



