List: General Discussion
From: Chris
Date: September 16 1999 2:18pm
Subject: Re: update and $dbh->quote

Hmmm...You might want to comment out your first attempt at quoting...you
are modifying the value of $FORM{'message'} within a loop, escaping the
single quote character each time (This would account for the many
backslashes [or forward slashes, I never get that right] in your inserted
values).

--Chris

On Thu, 16 Sep 1999 jice@stripped wrote:

> 
> On Thu, 16 Sep 1999, Chris wrote:
> 
> > 
> > Can you post the new relevant code (to include any control loops it is
> > in).
> > 
> > --Chris
> 
> 
> can do...
> 
> foreach $recipiant (@u_list) {
>     print "$count\) $recipiant: ";
>     $count++;
>     $sth = $dbh->prepare("select * from email where
>                                username = '$recipiant'") or &error;
>     $sth->execute or &error;
>     @columns = @{$sth->{NAME}};
>     while($row_hash = $sth->fetchrow_hashref) {
>       if ($FORM{subject} eq "") {
>         $FORM{subject} = "No Subject";
>       }
>       $FORM{message} =~ s/'/\\'/g;   # me trying to escape before
>       $FORM{message} =~ s/\|:\|/ /g; # i knew of quote()
>       $FORM{subject} =~ s/'/\\'/g;
>       $FORM{subject} =~ s/\|:\|/ /g;
>       $date = `date +%Y-%m-%d`;
>       chomp $date;
>       $rand = rand(1134);
>       $message =
>       qq($FORM{username}|:|$FORM{subject}|:|$date|:|$rand|:|$FORM{message});
>       foreach $column (@columns) {
>         if ($row_hash->{$column} eq "") {
>           $dbh->do("update email set $column = " . $dbh->quote($message) .
>                    "where username = '$recipiant'") or &error;
>           print "Put into $column<br>\n";
>           last;
>         } elsif ($column eq $columns[$#columns]) {
>            $col = scalar(@columns);
>            $m = "m$col";
>            $dbh->do("alter table email add column $m blob") or &error;
>            $dbh->do("update email set $m = " . $dbh->quote($message) .
>                     "where username = '$recipiant'") or &error;
>            print "Made and put into $m<br>\n";
>            last;
>         }
>       }
>    }
> }
> 
> 
> > 
> > On Thu, 16 Sep 1999 jice@stripped wrote:
> > 
> > > I just modified and tried my script to
> > > use Jesse's recommended technique and it worked but 
> > > it did something very odd.  In the body of the $message
> > > is the word    Cinema's   before the  ' was causing update to fail, now it
> > > is escaped but it went into the db as
> > >
> Cinema\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'s
> > > can anyone explain this?
> > > 
> > > thank you,
> > > joe
> > > 
> > > On Thu, 16 Sep 1999, Jesse wrote:
> > > 
> > > > At 01:14 AM 9/16/99 -0500, Jay J wrote:
> > > > 
> > > > >> hi,
> > > > >>   i'm trying to do this with DBD::mysql:
> > > > >>
> > > > >> $quo_mesg = $dbh->quote($message) or &error;
> > > > >> $dbh->do("update email set $column = '$quo_mesg'
> > > > >>           where username = '$recipiant'");
> > > > >>
> > > > >>
> > > > >> and  DBI::errstr is giving me an error i don't
> > > > > >> understand.  Is it okay to use quote with an update
> > > > > >> statement?
> > > > >
> > > > >Which "error I don't understand" would that be?
> > > > >
> > > > > >Sure it's okay .. AMOF in that snippet, DBI::quote has nothing to do with
> > > > > >the update.
> > > > 
> > > > Actually, I think it has a lot to do with it!
> > > > 
> > > > > If you generated your quoting with dbh->quote, you don't then need the
> > > > > surrounding single quotes in your update statement. So another way of saying
> > > > > this might be:
> > > > 
> > > > > $dbh->do ("update email set $column = " . $dbh->quote($message) .
> > > > > 		" where username = '$recipiant'");
> > > > 
> > > > Since it's not clear to me that quote *could* fail, you don't need
> > > > to test it for errors.
> > > > 
> > > > You got an error because you were setting $column to ''$message''.
> > > > 
> > > > Read the documentation on the quote() method in DBI manpage:
> > > > > quote
> > > > > ...
> > > > >         Quote a string literal for use in an SQL statement by
> > > > >         escaping any special characters (such as quotation
> > > > >         marks) contained within the string *and* adding the
> > > > >         required type of outer quotation marks.
> > > > >
> > > > 
> > > > 
> > > > Jesse
> > > > 
> > > > 
> > > > ---------------------------------------------------------------------
> > > > > Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before
> > > > > posting. To request this thread, e-mail mysql-thread13243@stripped
> > > > 
> > > > To unsubscribe, send a message to the address shown in the
> > > > List-Unsubscribe header of this message. If you cannot see it,
> > > > e-mail mysql-unsubscribe@stripped instead.
> > > > 
> > > 
> > > 
> > > 
> > 
> > 
> 
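
Added example, not part of the original thread or anyone's posted code: it reproduces the backslash build-up Chris describes, where a shared form value is escaped again on every loop pass and then quoted, next to the corrected pattern of quoting once at the point of use. The recipient names are constructed, and mysql_style_quote and stored_value are hypothetical stand-ins (an approximation of MySQL-style quoting, not DBI's own code) so the script runs without a database.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for $dbh->quote(): escape backslashes and single
# quotes, then add the outer quotes. An approximation, not DBI's code.
sub mysql_style_quote {
    my ($s) = @_;
    $s =~ s/([\\'])/\\$1/g;
    return "'$s'";
}

# Hypothetical model of what ends up stored: drop the outer quotes and
# undo one level of backslash escaping, as the server's parser would.
sub stored_value {
    my ($literal) = @_;
    $literal =~ s/^'//;
    $literal =~ s/'$//;
    $literal =~ s/\\(.)/$1/g;
    return $literal;
}

my @u_list = map { "user$_" } 1 .. 5;    # constructed recipients

# Pattern from the thread: the same $FORM{message} is escaped on each pass.
my %FORM = (message => "Cinema's");
my @buggy;
for my $recipient (@u_list) {
    $FORM{message} =~ s/'/\\'/g;         # one more backslash every time
    push @buggy, stored_value(mysql_style_quote($FORM{message}));
}

# Corrected pattern: no manual escaping, quote once where the SQL is built.
%FORM = (message => "Cinema's");
my @fixed;
for my $recipient (@u_list) {
    push @fixed, stored_value(mysql_style_quote($FORM{message}));
}

printf "%-6s buggy: %-14s fixed: %s\n", $u_list[$_], $buggy[$_], $fixed[$_]
    for 0 .. $#u_list;

# With a live handle, DBI bind values avoid hand-built literals entirely.
# Column names cannot be bound, so $column must come from a fixed list:
#   $dbh->do("update email set $column = ? where username = ?",
#            undef, $FORM{message}, $recipient);
```

The stored value gains one backslash per pass in the first loop and stays as Cinema's in the second, so the number of backslashes seen in the table equals the number of times the escaping line ran.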
