| From: | Thomas Good <tomg(at)sqlclinic(dot)net> |
|---|---|
| To: | "PostgreSQL::SQL List" <pgsql-sql(at)postgreSQL(dot)org> |
| Subject: | Re: escape single quote in INSERT command |
| Date: | 2002-11-26 18:41:42 |
| Message-ID: | Pine.LNX.4.33.0211261341190.15797-100000@q8.nrnet.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
On Wed, 27 Nov 2002 mallah(at)trade-india(dot)com wrote:
> Why dont' you use prepare and execute in case you are using DBI
> same program is like this.
>
> $dbh = DBI -> connect ( "......");
> $sth = $dbh -> prepare("insert into tab (a,b) values (?,?)");
> $sth -> execute($a , $b );
> $sth -> finish();
> $dbh -> commit();
> $dbh -> disconnect();
> I'd like to put escape characters in my
> > insert command to accommodate for '
$dbh->quote() will do the escaping for DBI but be careful with dates
as the variable binding does not always behave as expected.
You can esc the single with another single, ala ANSI SQL: ''
This works in Oracle, PG and MySQL for sure.
In perl: $name =~ s/\'/\'\'/g;
$query = qq |insert into x values ('$name')|;
and so on...
Now, can some kind soul tell me how to do an 'insert into x select y;'
where x is a numeric(19,2) and y is a money type???
-----------------------------------------------------------------------
Thomas Good e-mail: tomg(at)sqlclinic(dot)net
Programmer/Analyst phone: (+1) 718.818.5528
Residential Services fax: (+1) 718.818.5056
Behavioral Health Services, SVCMC-NY mobile: (+1) 917.282.7359
-- Geistiges Eigentum ist Diebstahl! --
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dan Langille | 2002-11-26 18:47:20 | Re: escape single quote in INSERT command |
| Previous Message | mallah | 2002-11-26 18:31:26 | Re: escape single quote in INSERT command |