On Jun 25, 3:19 pm, ricky.z...@[EMAIL PROTECTED]
(Ricky Zhou) wrote:
> Greg Jetter wrote:
> > my $query = "insert into tablename
> > (atablenaem1,atablename2,atablename3)VALUES($SubjPerform,$somthing2,
> > $somthing3)";
>
> > # insert stuff in the db
>
> > $dbh->do($query) or die "$DBI::errstr";
>
> To prevent SQL injection, etc., it's strongly recommended that you use
> placeholders, which will automatically escape user-provided input for
> you.
>
> my $query = "insert into tablename (atablenaem1,atablename2,atablename3)
> values (?, ?, ?)";
> # do() takes ($statement, \%attr, @bind_values), so pass undef for the attributes
> $dbh->do($query, undef, $SubjPerform, $somthing2, $somthing3) or die
> "$DBI::errstr";
>
>
> See http://search.cpan.org/~timb/DBI-1.57/DBI.pm#Placeholders_and_Bind_Va...
> for details.
>
> Hope this helps,
> Ricky
>
One more quick question... Does it matter if I have the "names" from
the form (i.e. group title of synregime for values of ET, AT, RI, FLT,
CUT), or do I just input the values and MySQL puts them in the right
group according to the value name? That could be where I'm going
wrong. Thanks!!
Shad
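
The placeholder form of the insert discussed in this thread, next to the interpolated form, as an added example that is not part of the original messages. It assumes DBD::SQLite is installed (an in-memory database stands in for MySQL); the column names and the form values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in for
# the thread's MySQL server so the script runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
# Hypothetical column names; the thread only shows stand-ins for them.
$dbh->do('CREATE TABLE tablename (synregime TEXT, subj_perform TEXT, notes TEXT)');

# Constructed form submission: form field name => submitted value.
my %form = (
    synregime   => 'ET',
    SubjPerform => '7',
    notes       => "athlete said: couldn't finish",   # contains a single quote
);

# Fixed mapping from table column to form field. The column list in the
# INSERT decides where each value lands; form field names never reach the SQL.
my @map  = ([synregime => 'synregime'], [subj_perform => 'SubjPerform'], [notes => 'notes']);
my @cols = map { $_->[0] } @map;
my @vals = map { $form{ $_->[1] } } @map;

# Before: values interpolated into the statement text. The quote in "notes"
# ends the string literal early, so the database rejects the statement.
my $unsafe = sprintf "INSERT INTO tablename (%s) VALUES ('%s')",
    join(',', @cols), join("','", @vals);
my $ok = eval { $dbh->do($unsafe); 1 };
print "interpolated: ", ($ok ? "ran\n" : "failed: " . $dbh->errstr . "\n");

# After: one ? per column; the values travel separately from the SQL text.
# The undef fills the \%attr slot of do($statement, \%attr, @bind_values).
my $sql = sprintf 'INSERT INTO tablename (%s) VALUES (%s)',
    join(',', @cols), join(',', ('?') x @cols);
$dbh->do($sql, undef, @vals);

my ($stored) = $dbh->selectrow_array(
    'SELECT notes FROM tablename WHERE synregime = ?', undef, 'ET');
print "placeholders: stored [$stored]\n";
$dbh->disconnect;
```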

