From: | The Hermit Hacker <scrappy(at)hub(dot)org> |
---|---|
To: | gfchelp(at)gflesch(dot)com |
Cc: | pgsql-interfaces(at)postgresql(dot)org |
Subject: | Re: your mail |
Date: | 1998-11-23 14:11:02 |
Message-ID: | Pine.BSF.4.05.9811231010020.29640-100000@thelab.hub.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin pgsql-interfaces |
Redirected to -interfaces vs -admin
On Mon, 23 Nov 1998, Ken Wills wrote:
> Hi!
>
> I have an annoying problem, that I just haven't been able to get around yet. When I parse the
> input from a form and go to insert it eveything works fine as long as the user doesn't use
> the ' character in the input. I've tried using qw{} and qq{}, which either don't interpolate
> or give me errors. Anyone have any suggestions? Postgres 6.4, Apache 1.3, mod_perl 1.16.
> The insert statement is below.
>
>
> my $query_string=qq{INSERT INTO CALLS (ca_service_id, ca_org_name, ca_phone_number, ca_status,
> ca_product, ca_problem, ca_resolution, ca_contact_name, ca_assigned, ca_date) VALUES ('$service_id',
> '$org_name', '$phone_number', '$status', '$product', '$problem', '$resolution', '$contact',
> '$assigned', '$time_now')};
escape your imput strings first...something like:
$phone_number =~ s/'/\\'/g;
Marc G. Fournier
Systems Administrator @ hub.org
primary: scrappy(at)hub(dot)org secondary: scrappy(at){freebsd|postgresql}.org
From | Date | Subject | |
---|---|---|---|
Next Message | Ken Wills | 1998-11-23 14:45:32 | RE: your mail (Should have been problems with ') |
Previous Message | Ken Wills | 1998-11-23 13:38:02 |
From | Date | Subject | |
---|---|---|---|
Next Message | Ken Wills | 1998-11-23 14:45:32 | RE: your mail (Should have been problems with ') |
Previous Message | Edhi Nugroho | 1998-11-23 13:59:12 | Pgaccess 0.91, core dumped |