perl problems with mysql

[bobbybobbertson]

What function do I use to prepare data that might be anything including quotes for DBI's mysql prepare and execute statements?

In other words how do I prepare the Unknown data below so that it won't screw up the "do" statement?

my $unknown_data = "this could have anything including single and double quotes";
$dbh->do("UPDATE transaction SET $colum = $unknown_data WHERE $column = '$trans_id')&quot or die "Couldn't update recdord : $DBI::errstr";

 

[astanley]

You will need to write some type of input parser for your unknown_data variable. If you will not have any variables in the unknown_data then I recommend using a substitution on the input that will replace all single quotes with \' - this would allow them to be passed by Perl to SQL as desired. By using single quotes to define unknown_data you prevent Perl from interpreting variables and quotation marks (and any other formatting characters IIRC).

 

[justice41]

Use DBI's built-in string quoter:

$quoted_string = $dbh->quote($unknown_data);

jaa