shadkeene@[EMAIL PROTECTED]
wrote:
> On Jun 25, 3:19 pm, ricky.z...@[EMAIL PROTECTED]
(Ricky Zhou) wrote:
>> Greg Jetter wrote:
>>> my $query = "insert into tablename
>>> (atablenaem1,atablename2,atablename3)VALUES($SubjPerform,$somthing2,
>>> $somthing3);
>>> # insert stuff in the db
>>> $dbh->do($query) or die "$DBI::errstr";
>> To prevent SQL injection, etc. It's strongly recommended that you use
>> placeholders, which will automatically escape user-provided input for
you.
>>
>> my $query = "insert into tablename
(atablenaem1,atablename2,atablename3)
>> values (? ,?, ?)";
>> $dbh->do($query, $SubjPerform, $somthing2, $somthing3) or die
>> "$DBI::errstr";
>>
>>
Seehttp://search.cpan.org/~timb/DBI-1.57/DBI.pm#Placeholders_and_Bind_Va...
>> for details.
>>
>> Hope this helps,
>> Ricky
>>
>> signature.asc
>> 1KDownload
>
> Okay, I see where I totally missed the point of your code....I see
> that I have to put the column name after the table name in
> parentheses. So, here's the code I'm using to just place SynRegime
> values into the column SynRegime in the table named test...still
> getting some errors...I've added some quotes, and here's the error I
> get now...with the following code:
> Column count doesn't match value count at row 1 at C:\perl-scripts
> \mysqlcgi.cgi line 37.
> I didn't think the column count should match the value count since I'm
> only inserting one these five enum values into one column when the
> user submits. Thanks again for any advice. I'll continue to work on
> this...
> Shad
>
>
> #!/perl/bin/perl -w
> use CGI qw(:standard);
> use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
> use Fcntl qw(:flock :seek);
> use strict;
> use DBI;
>
> my $DATABASE ="test";
> my $USERNAME = "root";
> my $PASSWORD ="bamboo";
> my $HOSTNAME = "localhost";
> my $data_Source = "DBI:mysql:".$DATABASE .":".$HOSTNAME;
>
>
> print header;
> print start_html("Gradients");
>
> my $q=new CGI;
>
>
>
> my $RI = $q->param("RI");
> my $ET = $q->param("ET");
> my $AT = $q->param("AT");
> my $CUT = $q->param("CUT");
> my $FLT = $q->param("FLT");
>
> my $dbh = DBI->connect($data_Source,$USERNAME,$PASSWORD) or die
> "$DBI::errstr";
>
>
> my $query = "insert into regimetest(SynRegime) VALUES('?', '?', '?',
> '?', '?')";
First, if you are inserting into only one column, you need only one
placeholder. Second, you do not need quotes around placeholders. DBI
will take care of the quoting for you.
>
> #$dbh->do($query) or die "$DBI::errstr";
>
> $dbh->do($query, $RI, $ET, $AT, $CUT, $FLT) or die "$DBI::errstr";
You can't use a "do" method with bind parameters. You will need to do a
prepare followed by an execute.
It looks like you might benefit from a more thorough reading of the DBI
do***entation. If I were you, I would work through the examples given
in those docs quite carefully. I know the do***ent is quite long and
fairly tedious in places, but the first part reads like a tutorial.
Sean
> print end_html;
>
> #sub dienice {
> # my($errmsg) = @[EMAIL PROTECTED]
> # print "<h2>Error</h2>\n";
> # print "<p>$errmsg</p>\n";
> # print end_html;
> # exit;
> #}
>
>
|
