List: General Discussion
From: Sasha Pachev
Date: July 26 1999 5:35pm
Subject: Re: Imbedded HTML
Thimble Smith wrote:
> 
> At 10:28, 19990726, Elvis wrote:
> >On Mon, 26 Jul 1999, Steve Wells wrote:
> >> I have a script that gathers URLs and puts them into the database.  Each
> >> of the '?' characters within the URL are replaced by the keyword: NULL.
> >
> >We ran into the same problem and just did (Perl)
> >
> >$String =~ s/\?/?/g;
> >
> >then entered it into the DB.
> >
> >Then upon retrieval, simply did the reverse.
> 
> This isn't the best way to do things!  I'd highly recommend you not do
> it this way.  It's probably not even correct to do that (i.e., you might
> not get out the same data you put in, depending on the query string).
> 
> Here is the correct way to insert data using Perl and DBI, in two
> different forms:
> 
> #1:
>     $dbh = DBI->connect(...);
> 
>     $url = 'http://somewhere.org/some/cgi/query?this=that&foo=bar';
> 
>     $dbh->do("INSERT INTO urls (url) VALUES (?)", undef, $url)
>         or die "do query: ", $dbh->errstr;
> 
>     print "OK, I inserted the URL just fine.\n";
> 
> #2:
>     $dbh = DBI->connect(...);
> 
>     $url = 'http://somewhere.org/some/cgi/query?this=that&foo=bar';
> 
>     $url = $dbh->quote($url);
>     $dbh->do("INSERT INTO urls (url) VALUES ($url)")
>         or die "do query: ", $dbh->errstr;
> 
>     print "OK, I inserted the URL just fine.\n";
> 
> The first way uses what is called a place holder - the question mark
> (?) in the query string.  When you use a place holder, DBI handles
> quoting values for you.
> 
> The second way explicitly quotes the URL value before inserting it.
> 
> I prefer the first way, because it's less typing and less code to
> look at (especially if you're inserting several values at a time).
> But either one will work - use the one that makes the most sense to
> you.
> 
> The important thing is, always (always!) make sure that the values
> you are inserting are quoted properly.  You should never write your
> own quote function - it's unnecessary and you'll probably not do it
> right.  Use the quoting mechanisms that are provided by DBI.
> 
> Tim
> 

Going from the question of how to quote HTML to whether you should do it
at all - generally the only thing you would want to store in the
database is the core data without any formatting, and then format it on
retrieval. The only time you would want to store the actual HTML is when
it changes from row to row in a very irregular/unpredictable fashion.

-- 
Sasha Pachev
http://www.sashanet.com/ (home)
http://www.direct1.com/ (work)
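
The two DBI forms quoted above, run end to end as an added example that is not part of the original thread: it inserts URLs containing `?`, `&`, a single quote, a backslash and the word NULL through a placeholder and through `$dbh->quote`, then checks that each value comes back byte for byte. It assumes DBD::SQLite with an in-memory database so it runs offline; the table name `urls` follows the thread, and the sample URLs other than the first are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite in-memory database, chosen only so the script is
# self-contained. The DBI calls are the same with any other driver.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT NOT NULL)');

# Sample values: the first is the URL from the thread, the others are
# constructed to contain characters that matter inside an SQL string.
my @urls = (
    'http://somewhere.org/some/cgi/query?this=that&foo=bar',
    "http://example.org/search?q=O'Reilly&page=2",
    'http://example.org/a?path=C:\\temp\\x&flag=NULL',
);

# Form #1: placeholder. Prepare once, execute once per value; the value is
# passed separately from the SQL text and never spliced into it.
my $ins = $dbh->prepare('INSERT INTO urls (url) VALUES (?)');
$ins->execute($_) for @urls;

# Form #2: explicit quoting with the driver's own quote() method.
for my $u (@urls) {
    my $quoted = $dbh->quote($u);
    $dbh->do("INSERT INTO urls (url) VALUES ($quoted)");
}

# Read everything back and compare with what went in, in insertion order.
my $stored   = $dbh->selectcol_arrayref('SELECT url FROM urls ORDER BY id');
my @expected = (@urls, @urls);
for my $i (0 .. $#expected) {
    my $status = $stored->[$i] eq $expected[$i] ? 'ok' : 'MISMATCH';
    printf "%-8s %s\n", $status, $stored->[$i];
}

# For contrast: splicing the raw value between hand-typed quotes. The URL
# containing a single quote ends the string literal early and the statement
# is rejected, which eval catches here because RaiseError is on.
my $worked = eval { $dbh->do("INSERT INTO urls (url) VALUES ('$urls[1]')"); 1 };
print "raw interpolation accepted: ", ($worked ? 'yes' : 'no'), "\n";

$dbh->disconnect;
```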