
escaping quotes in a mysql insert statement

Hello, I'm having a problem with double quotes, @ symbols and # signs.
When a user submits a text field with those symbols, for example, it cuts them off like so...
    INSERT INTO po_item SET po_id='5304', descrip='10@9', price='0.0000'
The descrip should have more text after it, but a double quote is killing the rest of the input data.
descrip="10@9"x10/M' tt20y / donnick stock";

but as you can see the second set of quotes is killing it.

Currently I thought this was the solution, but I guess I was wrong.

    while(($key,$value)=each(%data)){
            # Backslash-escape every single and double quote in the value
            $value=~ s/(["'])/\\$1/g;
            $query.=" $key='$value',";
    }
I thought the $value line would escape those double quotes... anyone know what I should do?
Mar 31 '08 #1
1 Reply

I would suggest something like so.
    # The ? placeholder is filled from the argument to execute(); DBI quotes it as needed
    my $insert = $dbh->prepare('INSERT INTO table(column1) VALUES (?)');
    $insert->execute($var1);
This will automatically escape any special characters in $var1. You can also use the quote function. Also, I believe that SET is used when updating a table not inserting new.

Apr 1 '08 #2
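
The placeholder approach from the reply, applied to the whole %data hash from the question, as an added example that is not part of either post. The po_item columns come from the query in the question; build_insert, the column allowlist and the in-memory SQLite database (DBD::SQLite, standing in for the MySQL server) are assumptions made so the script runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Columns the form is allowed to set. Placeholders cover values only, so
# column names taken from the hash keys are checked against this list.
my %ALLOWED = map { $_ => 1 } qw(po_id descrip price);

# Build "INSERT INTO po_item (...) VALUES (?, ...)" plus the bind list.
# (build_insert is a hypothetical helper written for this example.)
sub build_insert {
    my ($data) = @_;
    my @cols = sort keys %$data;    # fixed order keeps columns and values aligned
    for my $col (@cols) {
        die "unexpected column '$col'\n" unless $ALLOWED{$col};
    }
    my $sql = sprintf 'INSERT INTO po_item (%s) VALUES (%s)',
        join(', ', @cols), join(', ', ('?') x @cols);
    return ($sql, map { $data->{$_} } @cols);
}

# Constructed sample input: the description from the question, quotes included.
my %data = (
    po_id   => 5304,
    descrip => q{10@9"x10/M' tt20y / donnick stock},
    price   => '0.0000',
);

# Assumption: in-memory SQLite (DBD::SQLite) stands in for the MySQL server.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE po_item (po_id INTEGER, descrip TEXT, price TEXT)');

my ($sql, @bind) = build_insert(\%data);
$dbh->prepare($sql)->execute(@bind);

# Read the row back and confirm nothing was cut off at the quote characters.
my ($stored) = $dbh->selectrow_array(
    'SELECT descrip FROM po_item WHERE po_id = ?', undef, 5304);
die "description was altered\n" unless $stored eq $data{descrip};
print "$sql\nstored: $stored\n";
```

The same build_insert output can be passed to a MySQL handle unchanged, since the statement uses only the standard column-list form of INSERT.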
