Since you're sending this to the Perl list I will assume you're using
DBI::mysql to interface with MySQL.
Use the DBI method "quote()",
as in:
# assuming:
# my $dbh = DBI->connect(...) has gone before
$dbh->quote($Value);
Here's a little sub routine I picked up from CodeCharge a while
Since you're sending this to the Perl list I will assume you're using
DBI::mysql to interface with MySQL.
Use the DBI method "quote()",
as in:
# assuming:
# my $dbh = DBI->connect(...) has gone before
$dbh->quote($Value);
Here's a little sub routine I picked up from CodeCharge a while
It sounds like you are not using placeholders in your SQL.
See: http://www.stupidfool.org/perl/docs/perltut/dbi/dbiplace.html
for more information...
Using placeholders will take care of the correct escaping of characters
automatically, and also will save you program becoming a security
nightma
On Sat, 20 Sep 2003 21:34:58 +, Pablo Fischer wrote:
> I need to save some HTML text in a DataBase (MySql, using DBI). However
> some HTML text will have single and double quotes, so.. how can I save
> them?, for example:
> It's so funny
$html_text =~ s/'/''/g;
$html_text =~ s/"/""/g;
Use the
