[Pdx-pm] Escaping strings for SQL insertion

Roderick A. Anderson raa at mailporter.net
Tue Feb 15 16:18:39 PST 2005


This just went by on the PLUG list today and I was smiling thinking "I 
don't make those mistakes" ... then reality slapped me alongside the 
head.  While testing an older application I entered single quotes ( 
apostrophes ) in a string and Win32::ODBC mostly choked.

So I've been looking on CPAN but didn't see anything that looks "right".

Win32::ODBC doesn't have ( from what I can tell ) quote/unquote 
functions and DBI only has quote.  I'll be converting to DBI shortly and 
would bet I could kludge something together to unquote my strings before 
passing them back, but in the meantime does anyone have a quick method to 
make strings SQL safe or safe for SQL?


Thanks,
Rod
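
Added example, not part of the original post and not code from DBI or Win32::ODBC: the two DBI routes (placeholders and $dbh->quote) next to a stopgap quoting helper for a module without a quote method, with a round-trip check showing that stored values come back unchanged. Assumptions: DBD::SQLite is installed as a stand-in data source, the database uses standard SQL string literals, and sql_quote and the notes table are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in
# for the real data source. Table and column names are hypothetical.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

# Constructed sample input containing apostrophes.
my @samples = ("O'Brien", "it's 5 o'clock", "two '' in a row", "plain");

# 1) Placeholders: the value travels separately from the SQL text, so the
#    caller does no quoting at all.
my $ins = $dbh->prepare('INSERT INTO notes (body) VALUES (?)');
$ins->execute($_) for @samples;

# 2) $dbh->quote: for when a literal has to be built into the SQL string.
#    It returns the value escaped and already wrapped in quotes.
my $literal = $dbh->quote($samples[0]);
my ($id) = $dbh->selectrow_array("SELECT id FROM notes WHERE body = $literal");
print "quote() gave $literal, matched row $id\n";

# 3) Stopgap for a module with no quote method (hypothetical helper).
#    Assumption: the database uses standard SQL string literals, where a
#    doubled apostrophe is the only escape; backslash-escaping engines
#    need their own rules.
sub sql_quote {
    my ($s) = @_;
    return 'NULL' unless defined $s;
    $s =~ s/'/''/g;
    return "'$s'";
}
$dbh->do('INSERT INTO notes (body) VALUES (' . sql_quote($_) . ')') for @samples;

# Quoting is only SQL syntax: rows come back exactly as entered, from both
# the placeholder inserts and the hand-quoted ones, so nothing is unquoted.
my $rows = $dbh->selectcol_arrayref('SELECT body FROM notes ORDER BY id');
my @expect = (@samples, @samples);
for my $i (0 .. $#expect) {
    die "row $i changed: $rows->[$i]\n" unless $rows->[$i] eq $expect[$i];
}
print scalar(@$rows), " rows round-tripped unchanged\n";
$dbh->disconnect;
```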