From: | Doug McNaught <doug(at)mcnaught(dot)org> |
---|---|
To: | blindsey(at)cog(dot)ufl(dot)edu |
Cc: | Ausrack Webmaster <webmaster(at)ausrack(dot)com(dot)au>, "'Martijn van Oosterhout'" <kleptog(at)svana(dot)org>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: DBD::Pg problem |
Date: | 2003-12-03 14:08:45 |
Message-ID: | 87ad6a9eoi.fsf@asmodeus.mcnaught.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Barbara Lindsey <blindsey(at)cog(dot)ufl(dot)edu> writes:
> When I have problems like this, I do something like this:
> $sql="insert into it_contact (email, to_email,
> subject,details,modify,parent) values(
> '".$from."','".$to,"','".$subject."','".$body."',
> now(),'".$parent."')";
>
> Then you dont have to bind params. You can just prepare and execute.
If you do this in production (rather than just for debugging) you may
be vulnerable to an SQL injection attack...
> Besides that, you can print the $sql string with the expanded
> variables and copy and paste it into psql to see if that gets you a
> different error to help debug if it is not already obvious when you
> see the whole SQL.
...but it is useful for debugging.
-Doug
From | Date | Subject | |
---|---|---|---|
Next Message | Harald Fuchs | 2003-12-03 14:39:25 | Re: DBD::Pg problem |
Previous Message | Christopher Browne | 2003-12-03 14:01:02 | Re: Money data type in PostgreSQL? |