DBI escape_string


on 05.11.2009 20:18:02 by cerr

Hi There,

On http://www.codepedia.com/1/PerlDBITutorial I found that prepare()
would escape a string.
Now I have a query like this:
"INSERT INTO logs (source, date, time, program, msg, inserttime) VALUES
('NovaxPRG-T0029', '2009-11-02', '09:51:11', 'NovaxPRG', 'NovaxPRG
[931]: T0029: CRITICAL: couldn't establish connection with INIT
Priority=-1 Position=0:0 Speed=0 Heading=0 Intersection= Approach="
and mysql tells me
"execute failed: You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 't establish connection with INIT Priority=-1
Position=0:0 Speed=0 Heading=0 Inte' at line 1 at /root/cron/
log_parser.pl line 143."

even though in my code I pass the query to prepare() first. Why that? A
code snippet:
print "Query: ".$query."\n";
$pre = $dbh->prepare($query) || die "Error: ".$dbh->errstr."\n";
$pre->execute || die "Error: ".$dbh->errstr."\n";

Why is that? What am I doing wrong? The apostrophe in my query
apparently is messing it all up.
Thanks for help and suggestions!
Ron



Re: DBI escape_string

on 05.11.2009 20:56:18 by Joe Mecklin


your last field included in the query ('msg') has an apostrophe in the
middle of the text, as well as not being closed with a single quote before the
entire string is closed with the double quote. you can't include an
unescaped single quote inside a single-quoted string, nor can you include an
unescaped double quote inside a double-quoted string. look into using
something like

.... $dbh->prepare( qq{$query} ) ...

to correctly handle multiple quotes. whatever actions the prepare()
function performs, cleaning up incorrect quotes is not included.


On Thu, Nov 5, 2009 at 1:18 PM, cerr wrote:

> Hi There,
>
> On http://www.codepedia.com/1/PerlDBITutorial I found that prepare()
> would escape a string.
> Now I have a query like this:
> "INSERT INTO logs (source, date, time, program, msg, inserttime) VALUES
> ('NovaxPRG-T0029', '2009-11-02', '09:51:11', 'NovaxPRG', 'NovaxPRG
> [931]: T0029: CRITICAL: couldn't establish connection with INIT
> Priority=-1 Position=0:0 Speed=0 Heading=0 Intersection= Approach="
> and mysql tells me
> "execute failed: You have an error in your SQL syntax; check the
> manual that corresponds to your MySQL server version for the right
> syntax to use near 't establish connection with INIT Priority=-1
> Position=0:0 Speed=0 Heading=0 Inte' at line 1 at /root/cron/
> log_parser.pl line 143."
>
> even though in my code I pass the query to prepare() first. Why that? A
> code snippet:
> print "Query: ".$query."\n";
> $pre = $dbh->prepare($query) || die "Error: ".$dbh->errstr."\n";
> $pre->execute || die "Error: ".$dbh->errstr."\n";
>
> Why is that? What am I doing wrong? The apostrophe in my query
> apparently is messing it all up.
> Thanks for help and suggestions!
> Ron


--
since this is a gmail account, please verify the mailing list is included in
the reply to addresses
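
The quoting problem discussed in this thread, as an added example that is not part of either message: DBI only escapes values that are handed to execute() through ? placeholders, while a value interpolated into the SQL string reaches prepare() as plain SQL text. Assumptions: an in-memory SQLite database via DBD::SQLite so the script runs offline (the thread uses MySQL), and a constructed sample row including a made-up inserttime value.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) so the script runs offline;
# the thread's database is MySQL, where the DSN would start with "dbi:mysql:".
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do(q{CREATE TABLE logs (source TEXT, date TEXT, time TEXT,
                              program TEXT, msg TEXT, inserttime TEXT)});

# Constructed sample row modelled on the message in the thread; the msg
# field contains an apostrophe ("couldn't").
my @row = ('NovaxPRG-T0029', '2009-11-02', '09:51:11', 'NovaxPRG',
           "NovaxPRG[931]: T0029: CRITICAL: couldn't establish connection with INIT",
           '2009-11-05 20:18:02');

# 1) Values interpolated into the SQL text: prepare() sees one string and
#    cannot tell data from syntax, so the apostrophe ends the literal early.
my $unsafe = "INSERT INTO logs (source, date, time, program, msg, inserttime) "
           . "VALUES (" . join(', ', map { "'$_'" } @row) . ")";
my $ok = eval { $dbh->do($unsafe); 1 };
print "interpolated: ", ($ok ? "inserted" : "failed: " . $dbh->errstr), "\n";

# 2) Placeholders: the SQL text is fixed and the values travel separately
#    through execute(), so the driver quotes or binds each one itself.
my $sth = $dbh->prepare(q{INSERT INTO logs
    (source, date, time, program, msg, inserttime) VALUES (?, ?, ?, ?, ?, ?)});
$sth->execute(@row);

# 3) If a value must be spliced into SQL text, $dbh->quote() escapes it
#    for the connected driver.
print "quoted: ", $dbh->quote($row[4]), "\n";

my ($msg) = $dbh->selectrow_array('SELECT msg FROM logs');
print "stored: $msg\n";
$dbh->disconnect;
```

Because the placeholder form never mixes data into the statement text, the same pattern also keeps attacker-controlled log content from being parsed as SQL.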
