escaping quotes in a mysql insert statement

  • alanv
    New Member
    • Mar 2008
    • 1

    escaping quotes in a mysql insert statement

    Hello, I'm having a problem with double quotes, @ symbols and # signs.
    When a user submits a text field with those symbols, for example, it cuts them off like so...
    Code:
    INSERT INTO po_item SET po_id='5304', descrip='10@9', price='0.0000'
    the descrip should have more text after it but a double quote is killing the rest of the input data.
    descrip="10@9"x 10/M' tt20y / donnick stock";

    but as you can see the second set of quotes is killing it.

    Currently I thought this was the solution but I guess I was wrong.

    Code:
    while(($key,$value)=each(%data)){
            $value=~ s/(["'])/\\$1/g;
            $query.=" $key='$value',";
    }
    I thought the $value line would escape those double quotes... anyone know what I should do?
    Last edited by eWish; Apr 1 '08, 02:14 AM. Reason: Please use code tags
  • eWish
    Recognized Expert Contributor
    • Jul 2007
    • 973

    #2
    I would suggest something like so.
    [CODE=perl]
    my $insert = $dbh->prepare('INSERT INTO table(column1) VALUES(?)');
    $insert->execute($var1);[/CODE]
    This will automatically escape any special characters in $var1. You can also use the quote function. Also, I believe that SET is used when updating a table not inserting new.

    --Kevin
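
Added example, not part of the original thread: the placeholder approach from reply #2 applied to the question's loop over `%data`, where column names are checked against a fixed list because placeholders bind values only. The `build_insert` helper, the allow-list and the in-memory SQLite connection (DBD::SQLite, used so the script runs without a MySQL server) are assumptions; the `po_item` columns come from the question.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Columns the form is allowed to write. Placeholders bind values only,
# so column names must be checked against a fixed list, never interpolated raw.
my %ALLOWED = map { $_ => 1 } qw(po_id descrip price);

# Build "INSERT INTO table (cols) VALUES (?, ?, ...)" plus the matching bind list.
sub build_insert {
    my ($dbh, $table, $data) = @_;
    my @cols = sort keys %$data;
    die "no columns supplied\n" unless @cols;
    for my $col (@cols) {
        die "unexpected column: $col\n" unless $ALLOWED{$col};
    }
    my $col_list = join ', ', map { $dbh->quote_identifier($_) } @cols;
    my $marks    = join ', ', ('?') x @cols;
    my $sql = sprintf 'INSERT INTO %s (%s) VALUES (%s)',
        $dbh->quote_identifier($table), $col_list, $marks;
    return ($sql, @{$data}{@cols});
}

# Assumption: in-memory SQLite stands in for MySQL; only the DSN would differ.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE po_item (po_id INTEGER, descrip TEXT, price TEXT)');

# Constructed sample input modelled on the question's description, with a # added.
my %data = (
    po_id   => 5304,
    descrip => q{10@9"x 10/M' tt20y / donnick stock #1},
    price   => '0.0000',
);

my ($sql, @bind) = build_insert($dbh, 'po_item', \%data);
$dbh->prepare($sql)->execute(@bind);

# Read the row back to confirm the quotes, @ and # were stored unchanged.
my ($stored) = $dbh->selectrow_array(
    'SELECT descrip FROM po_item WHERE po_id = ?', undef, 5304);
print "$sql\n";
print $stored eq $data{descrip} ? "stored intact: $stored\n" : "MISMATCH\n";

# A key that is not a known column is rejected before any SQL is built.
eval { build_insert($dbh, 'po_item', { unknown_col => 'x' }) };
print "rejected: $@" if $@;
```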
