Greg Jetter wrote:
> my $query = "insert into tablename
> (atablenaem1,atablename2,atablename3)VALUES($SubjPerform,$somthing2,
> $somthing3)";
>
> # insert stuff in the db
>
> $dbh->do($query) or die "$DBI::errstr";
To prevent SQL injection, etc., it's strongly recommended that you use
placeholders, which will automatically escape user-provided input for you.
my $query = "insert into tablename (atablenaem1,atablename2,atablename3)
values (?, ?, ?)";
# do() takes ($statement, \%attr, @bind_values); pass undef for \%attr
$dbh->do($query, undef, $SubjPerform, $somthing2, $somthing3)
    or die "$DBI::errstr";
See
http://search.cpan.org/~timb/DBI-1.57/DBI.pm#Placeholders_and_Bind_Values
for details.
Hope this helps,
Ricky
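
The difference between the two forms in this thread, as an added example that is not part of the original message or of DBI's documentation. It assumes DBD::SQLite is installed; the `results` table, its columns and the sample rows are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database keeps this offline.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });

# Hypothetical table standing in for "tablename" in the thread.
$dbh->do("CREATE TABLE results (subj TEXT, note TEXT, score INTEGER)");

# Constructed input: [subj, note, score]. Both notes contain SQL metacharacters.
my @rows = (
    [ "first",  "O'Brien said 'ok'", 7 ],
    [ "second", "x', 0) --",         3 ],
);

# Return what the table actually holds for a given subj.
sub stored {
    my ($subj) = @_;
    my ($note, $score) = $dbh->selectrow_array(
        "SELECT note, score FROM results WHERE subj = ?", undef, $subj);
    return defined $note ? "note=[$note] score=$score" : "(no row)";
}

# 1. Interpolation: the values become part of the SQL text itself.
for my $r (@rows) {
    my ($subj, $note, $score) = @$r;
    my $sql = "INSERT INTO results (subj, note, score) "
            . "VALUES ('$subj', '$note', $score)";
    my $ok = eval { $dbh->do($sql); 1 };
    print "interpolated $subj: ",
        ($ok ? "ran, " . stored($subj) : "failed to parse"), "\n";
}
$dbh->do("DELETE FROM results");

# 2. Placeholders: the SQL text is fixed; values are bound separately.
my $sth = $dbh->prepare(
    "INSERT INTO results (subj, note, score) VALUES (?, ?, ?)");
for my $r (@rows) {
    $sth->execute(@$r);
    print "placeholder  $r->[0]: ", stored($r->[0]), "\n";
}

$dbh->disconnect;
```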