How to insert text in mysql with quotes using perl

Question

How to insert text in mysql with quotes using perl

How to insert text in mysql with quotes using perl? It is difficult to insert text containing "and". I am using the Perl DBI module and the DB is mysql.

UPDATE:

here is my request

my $s = "INSERT INTO comment(guid,review_id) VALUES ('$guid','$review_id')";

+5

mysql perl

Mandar pande May 26 '11 at 7:09

source share

2 answers

You should read the Placeholders and Binding Values section inman DBI

EDIT: added example

my $s = "insert into comment(guid,review_id) values (?, ?)";
$dbh->do( $s, undef, $guid, $review_id) or die $dbh->errstr;

+13

Alexd 26 '11 7:14

Tom shaw · Accepted Answer · 2011-05-26T07:28:22+0000

Your old query would be something like this:

my $s = "insert into comment(guid,review_id) values ('$guid','$review_id')";
$dbh->do($s);

The best way, using placeholders and binding values according to @AlexD's answer would look like this:

my $sth = $dbh->prepare("insert into comment(guid,review_id) values (?, ?)";);
$sth->execute($guid, $review_id);

To learn about the security risks of your first approach, check out SQL injection attacks on Wikipedia.

How to insert text in mysql with quotes using perl

More articles: