Hello and a Question

on 28.06.2004 22:27:49 by dsdavis

Hi,

This is my first post to the list. In fact, I just subscribed today. I'm a
web programmer at Haverford College in Haverford, PA--just outside of
Philadelphia.

I write a lot of web programs in Perl that rely on MySQL databases. I often
find myself "quoting" numerous variables using the Perl MySQL DBI to make
sure that they'll insert into my databases properly. I'm not sure if that's
the best terminology for what I do, so here's an example:

$my_quoted_variable_name = $dbh->quote( qq[$input{'my_variable_name'}] );

The preceding line would "quote" the form variable "my_variable_name" and
assign it to the variable "$my_quoted_variable_name", which I would then
insert into my MySQL table.

The issue I've run into, though, is that when I have a web form with dozens
of variables, I spend a lot of time "quoting" them all--one by one. Is
there an easier way to do this?

If this seems like a simple question and that there's an obvious answer,
you're probably right. I am somewhat of a novice.

Thanks!

Douglas


--------------------------------------
Douglas S. Davis
Programmer/Analyst
Haverford College
Department of Administrative Computing
370 Lancaster Ave.
Haverford, PA 19041
610-896-4206
dsdavis@haverford.edu
http://www.haverford.edu



--
MySQL Perl Mailing List
For list archives: http://lists.mysql.com/perl
To unsubscribe: http://lists.mysql.com/perl?unsub=gcdmp-msql-mysql-modules@m.gmane.org

Re: Hello and a Question

on 28.06.2004 22:45:56 by Rudy Lippan

On Mon, 28 Jun 2004, Douglas S. Davis wrote:

> Hi,
>

Hi.


> This is my first post to the list. In fact, I just subscribed today. I'm a
> web programmer at Haverford College in Haverford, PA--just outside of
> Philadelphia.
>

Welcome.

> I write a lot of web programs in Perl that rely on MySQL databases. I often
> find myself "quoting" numerous variables using the Perl MySQL DBI to make
> sure that they'll insert into my databases properly. I'm not sure if that's
> the best terminology for what I do, so here's an example:
>
> $my_quoted_variable_name = $dbh->quote( qq[$input{'my_variable_name'}] );
>
> The preceding line would "quote" the form variable "my_variable_name" and
> assign it to the variable "$my_quoted_variable_name", which I would then
> insert into my MySQL table.
>
> The issue I've run into, though, is that when I have a web form with dozens
> of variables, I spend a lot of time "quoting" them all--one by one. Is
> there an easier way to do this?


my $sth = $dbh->prepare(q{
SELECT * FROM table where col1=? AND col2=? AND col3=?
});
# qw// splits on whitespace only; commas would become part of each name
$sth->execute(map {$cgi->param($_) || undef} qw/col1 col2 col3/);




Re: Hello and a Question

on 28.06.2004 22:54:12 by Garth Webb

On Mon, 2004-06-28 at 13:27, Douglas S. Davis wrote:
> Hi,
>
> This is my first post to the list. In fact, I just subscribed today. I'm a
> web programmer at Haverford College in Haverford, PA--just outside of
> Philadelphia.
>
> I write a lot of web programs in Perl that rely on MySQL databases. I often
> find myself "quoting" numerous variables using the Perl MySQL DBI to make
> sure that they'll insert into my databases properly. I'm not sure if that's
> the best terminology for what I do, so here's an example:
>
> $my_quoted_variable_name = $dbh->quote( qq[$input{'my_variable_name'}] );

You don't need to qq[] the value you get from
$input{'my_variable_name'}. It's redundant. Secondly, if you use '?'
placeholders, DBI will quote everything for you:

my $sql = 'INSERT INTO foobar (a,b,c) VALUES (?, ?, ?)';
my $dbh = get_db_handle();
my $sth = $dbh->prepare($sql);

$sth->execute($input{value_a}, $input{value_b}, $input{value_c});

Read the DBI man page, specifically the "Placeholders and Bind Values"
section for more info.

>
> The preceding line would "quote" the form variable "my_variable_name" and
> assign it to the variable "$my_quoted_variable_name", which I would then
> insert into my MySQL table.
>
> The issue I've run into, though, is that when I have a web form with dozens
> of variables, I spend a lot of time "quoting" them all--one by one. Is
> there an easier way to do this?
>
> If this seems like a simple question and that there's an obvious answer,
> you're probably right. I am somewhat of a novice.
>
> Thanks!
>
> Douglas
>
> --------------------------------------
> Douglas S. Davis
> Programmer/Analyst
> Haverford College
> Department of Administrative Computing
> 370 Lancaster Ave.
> Haverford, PA 19041
> 610-896-4206
> dsdavis@haverford.edu
> http://www.haverford.edu
>
--
.. Garth Webb
.. garth@zappos.com
..
.. shoes * 鞋子 * schoenen * 단화 * chaussures * zapatos
.. Schuhe * παπούτσια * pattini * 靴 * sapatas * ботинки

Re: Hello and a Question

on 28.06.2004 23:20:14 by tony

On Mon, Jun 28, 2004 at 04:27:49PM -0400, Douglas S. Davis wrote:

> I write a lot of web programs in Perl that rely on MySQL databases. I often
> find myself "quoting" numerous variables using the Perl MySQL DBI to make
> sure that they'll insert into my databases properly. I'm not sure if that's
> the best terminology for what I do, so here's an example:

> $my_quoted_variable_name = $dbh->quote( qq[$input{'my_variable_name'}] );

One solution, if you have built the form with fields something like so:
$q->textfield(-name=>'form_field1',-size=>'20',-maxlength=>'20'),
$q->textfield(-name=>'form_field2',-size=>'20',-maxlength=>'20'),
$q->textfield(-name=>'form_field3',-size=>'20',-maxlength=>'20'),

all the variables on your web based form are available from the array:
my($q) = @_;
$q->import_names('Q');

So you have them individually as $Q::form_field1, $Q::form_field2, etc ...

I find this handy with complex forms and helpful where other people need
to read and understand your work.

Then you can:
my $SQL = <<"EOS";
INSERT into some_table (col1, col2, col3) values ('$Q::form_field1',
'$Q::form_field2', '$Q::form_field3')
EOS
;

my $cursor = $dbh->prepare($SQL);
$cursor->execute;


> The preceding line would "quote" the form variable "my_variable_name" and
> assign it to the variable "$my_quoted_variable_name", which I would then
> insert into my MySQL table.
>
> The issue I've run into, though, is that when I have a web form with dozens
> of variables, I spend a lot of time "quoting" them all--one by one. Is
> there an easier way to do this?
>
> If this seems like a simple question and that there's an obvious answer,
> you're probably right. I am somewhat of a novice.

--
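
Added example, not part of any post in this thread: the string-interpolated INSERT from the message above run beside the '?' placeholder form from the earlier replies, with the placeholder list generated from a fixed column list so that a form with dozens of fields needs no per-field quoting. It assumes DBD::SQLite (in-memory) so that it runs offline; the table, column names and input values are constructed.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite in-memory database so the script runs offline.
# prepare/execute with '?' work the same way through DBD::mysql.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE some_table (col1 TEXT, col2 TEXT, col3 TEXT)');

# Constructed form input: an apostrophe, a value shaped like SQL, and a
# field the table does not have.
my %input = (
    col1  => q{O'Brien},
    col2  => q{x', 'y', 'z') --},
    col3  => 'plain',
    extra => 'ignored',
);

# Column names come from a fixed list in the program, never from the form.
my @cols = qw(col1 col2 col3);

# Interpolated form: the values become part of the SQL text, so the
# apostrophe ends the string literal early and the parser rejects it.
my $interpolated = "INSERT INTO some_table (col1, col2, col3) VALUES "
                 . "('$input{col1}', '$input{col2}', '$input{col3}')";
my $ok = eval { $dbh->do($interpolated); 1 };
print 'interpolated: ', ($ok ? "executed\n" : "failed: $@");

# Placeholder form: one '?' per column, values passed separately as a
# hash slice. No per-field quote() calls, however many fields there are.
my $sql = sprintf 'INSERT INTO some_table (%s) VALUES (%s)',
    join(', ', map { $dbh->quote_identifier($_) } @cols),
    join(', ', ('?') x @cols);
my $sth = $dbh->prepare($sql);
$sth->execute(@input{@cols});

# The stored values are byte-for-byte what the form sent.
my @row = $dbh->selectrow_array('SELECT col1, col2, col3 FROM some_table');
print "stored: [$_]\n" for @row;
```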


Re: Hello and a Question

on 29.06.2004 00:21:16 by Jamie McCarthy

dsdavis@haverford.edu (Douglas S. Davis) writes:

> $my_quoted_variable_name = $dbh->quote( qq[$input{'my_variable_name'}] );

> The issue I've run into, though, is that when I have a web form
> with dozens of variables, I spend a lot of time "quoting" them
> all--one by one. Is there an easier way to do this?

Others have answered this with good ideas; here's another
possibility. You could quote them all at once. Reproduce the input
hash in a duplicate hash, where values are quoted versions of the
original. E.g.:

my %input_q;
for my $key (keys %input) {
    $input_q{$key} = $dbh->quote($input{$key});
}

Then use

$input_q{something}

instead of

$dbh->quote($input{something})
--
Jamie McCarthy
http://mccarthy.vg/
jamie@mccarthy.vg
