ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi,
I'm trying to develop a website which will accept user written input in a form and will store it in a MySQL database, and will have no problems if the user written text has a ' in it. For this I was referred to this site:
and it looks pretty easy, what I have to do.
The problem is, when I use $dbh->quote, from my error logs I can see that it is substituting a ' with \\', ie. "O'Reilly" becomes "O\\'Reilly", instead of "O\'Reilly", and I can't tell why.
I have always used prepare, this might work better for you.
Code:
my $last_name = "O'Reilly";
my $user_name = "resetreset";
my $sth = $dbh->prepare(qq{UPDATE users SET last_name = ? WHERE user_name = ?});
$sth->execute($last_name, $user_name);
It properly quotes and substitutes those variables into the query (where the ?s are) and runs the query. Check out the documentation for a broader range of info -- http://search.cpan.org/~timb/DBI/DBI.pm
OK, but I'm trying to use quote on data input by a form on an HTML page, so I can't use prepare. The page you suggested says this:
"For others it may return something like 'Don\'t' ", which I'm not getting.
So I'm still stuck at square one .
I have written database-driven web apps using Perl and MySQL that deal with data input from the user via form. The DBI prepare and execute methods have always worked for me; so the issue may be in your code. Post your code.
OK, it's big but you asked for it (I'm posting what I think are the relevant parts) :
#! /usr/bin/perl
use DBI ;
use strict ;
use CGI ;
my ($cgi) = new CGI ;
my ($firstname) ;
my ($middlename) ;
my ($lastname) ;
my ($flat) ;
my ($street) ;
my ($city) ;
my ($state) ;
my ($country) ;
my ($postcode) ;
my ($phone) ;
my ($photo) ;
my ($type) ;
my ($rating) ;
$type = $cgi->param("type");
my ($dsn)="DBI:mysqlr:localhost";
my ($user_name) = "torrent" ;
my ($password) = "hello" ;
my ($dbh,$sth) ;
my (@ary) ;
$sth=$dbh->prepare (qq{ INSERT INTO people VALUES (NULL,'$firstname','$middlename','$lastname','$flat','$street','$city','$state','$country','$postcod e','$phone','$type','$rating')
$sth->execute ();
It doesn't work, first of all it's refusing to take NULL as an argument, so I had to change that, after that it works (I had to change another INSERT in my code, further down the line). Do you know how I can put in a curdate() (in MySQL) into the $sth->execute line? ie. like this:
$sth->execute ($ary[0],$reviewername,$topic,$review, curdate()) ;
, but that's not the correct syntax, do you know what is?
Thanks a LOT for your help, btw. But it's still a niggling thought in my brain as to why $dbh->quote didn't work, I was hoping for chrism01's input on that - do you know why, chrism?
Last edited by resetreset; 03-17-2009 at 02:18 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.