| From: | Harald Fuchs <nospam(at)sap(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: DBD::Pg problem |
| Date: | 2003-12-03 14:39:25 |
| Message-ID: | pu4qwix8wy.fsf@srv.protecting.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
In article <3FCDE437(dot)9060309(at)cog(dot)ufl(dot)edu>,
Barbara Lindsey <blindsey(at)cog(dot)ufl(dot)edu> writes:
> When I have problems like this, I do something like this:
> $sql="insert into it_contact (email, to_email,
> subject,details,modify,parent) values(
> '".$from."','".$to,"','".$subject."','".$body."', now(),'".$parent."')";
> Then you dont have to bind params. You can just prepare and execute.
... and get interesting results if one of the variables contains
quotes or backslashes.
I often use something like that:
$dbh->do (q{
INSERT INTO it_contact (email, to_email, subject, details, modify, parent)
VALUES (?, ?, ?, ?, ?, ?)
}, undef, $from, $to, $subject, $body, now(), $parent);
This lets DBI do the proper quoting for you.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jan Wieck | 2003-12-03 14:43:04 | Re: Feature Request for 7.5 |
| Previous Message | Doug McNaught | 2003-12-03 14:08:45 | Re: DBD::Pg problem |