Hello,
I have done tons of searching on this topic but have yet to find
something relavent to the problem I am experiencing so I am hoping
someone can help me.
The problem I am having is that using Perl to insert some rows into a
MySQL database, some entries that are being inserted include
backslashes. For example, here is one error I am receiving:
DBD::mysql::st execute failed: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near ''A:\')' at line 1 at snmp_collector. pl line
97.
I am wondering how to deal with the backslashes, which I don't always
know if and when they will appear. Is there some type of replace
statement I can run on the SQL query before it is sent to mysql?
Thanks for your help!
-Regan
3  19619 
Regan wrote: I am wondering how to deal with the backslashes, which I don't always
know if and when they will appear. Is there some type of replace
statement I can run on the SQL query before it is sent to mysql?
The most general purpose solution I have found is to use parameterized
queries.
$sth = $dbh->prepare("INSER T INTO mytable VALUES (?, ?, ?)");
$sth->execute('123 ', 'foo', $scalar1);
Where $scalar1 contains the string you want to insert, including special
characters. It's not actually parsed at the time the INSERT statement
is parsed; the SQL has already been parsed into an internal
representation. So the conflict between the special characters in your
string and SQL syntax never causes a problem.
Regards,
Bill K.
>I have done tons of searching on this topic but have yet to find something relavent to the problem I am experiencing so I am hoping
someone can help me.
The problem I am having is that using Perl to insert some rows into a
MySQL database, some entries that are being inserted include
backslashes. For example, here is one error I am receiving:
Escape your data.
DBD::mysql:: st execute failed: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near ''A:\')' at line 1 at snmp_collector. pl line
97.
I am wondering how to deal with the backslashes, which I don't always
know if and when they will appear. Is there some type of replace
statement I can run on the SQL query before it is sent to mysql?
No. You run the replacement (e.g. mysql_escape_st ring()) on the
*DATA* before putting it in the SQL statement. After you put it
in the SQL statement it's very difficult to tell where the string
ends and the SQL continues, and there might be more than one
legal possibility.
"SELECT * FROM disks WHERE drive = 'A:\\'"
Another possibility is parameter substitution, using ? in the query.
Gordon L. Burditt
Regan wrote: I have done tons of searching on this topic but have yet to find
something relavent to the problem I am experiencing so I am hoping
someone can help me.
The problem I am having is that using Perl to insert some rows into a
MySQL database, some entries that are being inserted include
backslashes. For example, here is one error I am receiving:
DBD::mysql::st execute failed: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near ''A:\')' at line 1 at snmp_collector. pl line
97.
I am wondering how to deal with the backslashes, which I don't always
know if and when they will appear. Is there some type of replace
statement I can run on the SQL query before it is sent to mysql?
I think your problem can be solved in two steps:
(1) Make sure your Perl variables handle backslashes exactly the way
you want
(2) Use DBI's built-in function to make sure you pass the exact string
Here is an example:
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
# AFAIK, following here-doc is the only notation that
# guarantees no interpolation:
my $data = <<'EOS';
Don't call me "James" \$@% \\A \\\B
EOS
chop $data;
my $db = DBI->connect("DBI:m ysql:DBname:loc alhost",'DBuser ','Dbpass');
my $quoted = $db->quote($data) ;
my $query = $db->prepare("INSER T INTO mytable VALUES ('',$quoted)");
$query->execute;
$query->finish;
$db->disconnect;
Hope this helps,
--
Bart This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Reply Via Newsgroup Thanks |
last post by:
Folks,
This questions is directed towards PHP/MySQL folk and relates to escaping
hooks, apostraphe's and other characters that can create a security hole
when writing to databases/files. I've been reading
http://ca2.php.net/manual/en/function.get-magic-quotes-gpc.php and just need
to confirm a couple of things:
If I have magic_quotes_gpc on, and I use addslashes() - Does this in effect
cause me to take security one step forward, and...
|
by: Craig Stadler |
last post by:
mySQL 4.0.20a WIN32
Need help with backslash syntax/like queries..
Query1:
select * from dbtable1 where Filespec like 'http://www.10291.com/%'
returns : http://www.10921.com/sikhnet/register.nsf/ram/radioG2/\$File
Query2:
select * from dbtable1 where Filespec
|
by: deko |
last post by:
I'm trying to use a textbox to search and display records as each letter is
typed in - similar to the behavior of a combo box. But for some reason I
can't seem to get the wildcard search character to work in my query. In the
example below, I have several records in tblEntity that begin with "m" and
"mi" and one record with the company name "microsoft". I get a match only
when I type in the full string "microsoft".
Why no match before...
|
by: teachtiro |
last post by:
Hi,
'C' says \ is the escape character to be used when characters are
to be interpreted in an uncommon sense, e.g. \t usage in printf(),
but for printing % through printf(), i have read that %% should be used.
Wouldn't it have been better (from design perspective) if the same
escape character had been used in this case too.
Forgive me for posting without verfying things with any standard
compiler, i don't have the means for now.
|
by: cover |
last post by:
Does anyone know a successful way to use the dollar sign character
within a query and not generate an error?
Here's what I'm trying to do... I have a query that successfully
counts the number of records within a query as well as totalizes the
dollar amount. What I'd like to do is show a dollar sign ahead of the
'amount' total when it queries back to the screen in my html document.
Is there something I can use to null the normal...
| | |
by: no.mail.pls |
last post by:
Hi,
How can i replace a backslash character in a string?
The following does not work:
$wd = strtr($wd, "\", " ");
TIA
|
by: dstyles7 |
last post by:
i created a list box and text box with a command button below
the txt box is used to find info in the list box . i created a sql stament that does this. however i would like to create a wild card where if someone enters caracters from a-z it will pull up a record. below is my current sql statement
SQL = "SELECT LWFieldKey, LWTableLink, LWTableName, , " & _
"FROM LWTABLES INNER JOIN LWFIELDS ON " & _
"LWTABLES.LWTableKey =...
|
by: Sin Jeong-hun |
last post by:
I need to programatically change the SelectCommand of an
SqlDataSource. When I query I use SqlCommand and all the character
escaping is automatically done with SqlCommand.Parameters.Add(); Now,
since SelectCommand property is just a text, I need to manually do the
character escaping. Is there any other built-in query builder that I
can use in this situation?
|
by: Hesekiel |
last post by:
Has anyone come across a way to get around the
limitation that in the MySQL collation
latin1_swedish_ci the backslash character is
considered equal to a-umlaut?
http://www.collation-charts.org/mysql60/mysql604.latin1_swedish_ci.html
5C=C4=E4
I.e. the following queries result in the same set of rows
when latin1_swedish_ci is in use, those containing either character:
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
