----- Original Message -----
From: "Andrei Boros" <andrix@stripped>
To: <mysql@stripped>
Sent: Monday, January 24, 2000 3:47 AM
Subject: MySQL and Perl syntax
>
> I've made some perl scripts to interface mysql with a http server for a
> personal application. After debugging most of the errors, one user told me
of
> the following:
>
> If he/she entered the " ' " character in a field sent to a char/text
column,
> he/she got back a query syntax error like this :
>
> Can't execute query : insert into db1.configurations
>
(computer_name,cpu,ram,hdd,video,monitor,netcard,modem,sound,printer,cdrom,g
eneric,other,id,photo)
> values('arg3wr','8088','256 bytes','fdd 360 kb','sis 1000 256
> KB','ttf14'','e62g7e','iug8','08y','de unde???','nici atat
','','','1','').
>
> Reason: You have an error in your SQL syntax near
> 'e62g7e','iug8','08y','de undeNULLNULLNULL','nici atat ','','','1','')'
> at line 1
>
> Also, these three "???" generated a "NULLNULLNULL". How can I go around
these
> special characters?
>
> --
> Andrix
> E-mail: mailto:andrix@stripped: 0009rs.tripod.com/andrei_b
Using $dbh->quote() should cure both of these problems. The misquoting
happens before the ???, so I think perhaps DBI thought you were trying to
use placeholders .. but you didn't pass anything in your $sth->execute(),
and therefore ? = NULL.
perldoc DBI ... can explain more.
Also quoters beware, when using $dbh->quote("hello_world%") with SELECT and
LIKE, by default -- the underscore and percent signs are left untouched.
-Jay J
