How to insert text having quotes into MySQL using Perl? It seems difficult to insert text containing ' and ". I'm using the Perl DBI module and the DB is MySQL.
UPDATE:
Here is my query:
my $s = "INSERT INTO comment(guid,review_id) VALUES ('$guid','$review_id')";
You should read the section 'Placeholders and Bind Values' in man DBI.
EDIT: added example
my $s = "insert into comment(guid,review_id) values (?, ?)";
$dbh->do( $s, undef, $guid, $review_id) or die $dbh->errstr;
Your old query would have been something like this:
my $s = "insert into comment(guid,review_id) values ('$guid','$review_id')";
$dbh->do($s);
The better way, using placeholders and bind values as per @AlexD's answer, would look like this:
my $sth = $dbh->prepare("insert into comment(guid,review_id) values (?, ?)");
$sth->execute($guid, $review_id);
To learn about the security risks of your first approach, have a look at SQL injection attacks on Wikipedia.
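The difference between the two approaches, as an added example that is not part of the original answers: it runs the interpolated query and the placeholder query against the same values containing ' and ", then reads the rows back. It assumes DBD::SQLite with an in-memory database in place of MySQL so it runs offline, and the sample values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite with an in-memory database stands in for MySQL so
# the script runs offline; the DBI calls are the same with a dbi:mysql: DSN.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do("CREATE TABLE comment (guid TEXT, review_id TEXT)");

# Constructed sample values containing both kinds of quote.
my @rows = (
    [ q{it's a "guid"}, q{rev'1} ],
    [ q{plain-guid},    q{say "hi"} ],
);

# 1. Interpolation: the quote inside the value ends the SQL string literal
#    early, so the statement no longer parses.
my ($guid, $review_id) = @{ $rows[0] };
my $bad = "INSERT INTO comment(guid,review_id) VALUES ('$guid','$review_id')";
my $ok = eval { $dbh->do($bad); 1 };
print "interpolated insert: ", ($ok ? "succeeded" : "failed: $@"), "\n";

# 2. Placeholders: the values travel separately from the SQL text, so no
#    escaping is needed and quotes are stored verbatim.
my $sth = $dbh->prepare("INSERT INTO comment(guid,review_id) VALUES (?, ?)");
$sth->execute(@$_) for @rows;

# Read the rows back and check that they round-trip unchanged.
my $stored = $dbh->selectall_arrayref(
    "SELECT guid, review_id FROM comment ORDER BY rowid");
for my $i (0 .. $#rows) {
    my $same = $stored->[$i][0] eq $rows[$i][0]
            && $stored->[$i][1] eq $rows[$i][1];
    printf "row %d %s: guid=[%s] review_id=[%s]\n",
        $i, ($same ? "intact" : "CHANGED"), @{ $stored->[$i] };
}

# 3. Where a literal has to be built into the SQL text, $dbh->quote adds the
#    surrounding quotes and the driver's own escaping.
print "quoted literal: ", $dbh->quote($rows[0][0]), "\n";

$dbh->disconnect;
```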