Thread: ...

...

From
"Ken Wills"
Date:
Hi!

I have an annoying problem, that I just haven't been able to get around yet. When I parse the
input from a form and go to insert it everything works fine as long as the user doesn't use
the ' character in the input. I've tried using qw{} and qq{}, which either don't interpolate
or give me errors. Anyone have any suggestions? Postgres 6.4, Apache 1.3, mod_perl 1.16.
The insert statement is below.


my $query_string=qq{INSERT INTO CALLS (ca_service_id, ca_org_name, ca_phone_number, ca_status,
ca_product, ca_problem, ca_resolution, ca_contact_name, ca_assigned, ca_date) VALUES ('$service_id',
'$org_name', '$phone_number', '$status', '$product', '$problem', '$resolution', '$contact',
'$assigned', '$time_now')};

Thanks in advance.

Ken Wills
GFC Call Center
Email: gfchelp@gflesch.com
Phone: 1-888-4325556
Fax: 1-608-2222432

Re:

From
Bill Cunningham
Date:
Ken Wills wrote:

> Hi!
>
> I have an annoying problem, that I just haven't been able to get around yet. When I parse the
> input from a form and go to insert it everything works fine as long as the user doesn't use
> the ' character in the input. I've tried using qw{} and qq{}, which either don't interpolate
> or give me errors. Anyone have any suggestions? Postgres 6.4, Apache 1.3, mod_perl 1.16.
> The insert statement is below.
>
> my $query_string=qq{INSERT INTO CALLS (ca_service_id, ca_org_name, ca_phone_number, ca_status,
> ca_product, ca_problem, ca_resolution, ca_contact_name, ca_assigned, ca_date) VALUES ('$service_id',
> '$org_name', '$phone_number', '$status', '$product', '$problem', '$resolution', '$contact',
> '$assigned', '$time_now')};
>

I have the same problem with DB2. I encode the ' character as &39 or 0x39. Then on output I reparse the
field and display the results. (I also encode the & character or whatever I use to delimit the
character.)


--
Bill Cunningham
Database Development Project Lead
Bally Systems




Re: [ADMIN] Re:

From
Terry Mackintosh
Date:
Hi Ken, Bill and all

Na!
First, as a web interface you should be using PHP 3.x, you are, right?

OK, that said, do this:
$chktext = ereg_replace("'", "''", $chktext);

That will take every ' in the data, and replace it with '' (2 ') which is
how you escape a ' in PostgreSQL (and all SQL?).

Hope that helps, have a great day
Terry

On Mon, 30 Nov 1998, Bill Cunningham wrote:

> Ken Wills wrote:
>
> > Hi!
> >
> > I have an annoying problem, that I just haven't been able to get around yet. When I parse the
> > input from a form and go to insert it everything works fine as long as the user doesn't use
> > the ' character in the input. I've tried using qw{} and qq{}, which either don't interpolate
> > or give me errors. Anyone have any suggestions? Postgres 6.4, Apache 1.3, mod_perl 1.16.
> > The insert statement is below.
> >
> > my $query_string=qq{INSERT INTO CALLS (ca_service_id, ca_org_name, ca_phone_number, ca_status,
> > ca_product, ca_problem, ca_resolution, ca_contact_name, ca_assigned, ca_date) VALUES ('$service_id',
> > '$org_name', '$phone_number', '$status', '$product', '$problem', '$resolution', '$contact',
> > '$assigned', '$time_now')};
> >
>
> I have the same problem with DB2. I encode the ' character as &39 or 0x39. Then on output I reparse the
> field and display the results. (I also encode the & character or whatever I use to delimit the
> character.)
>
>
> --
> Bill Cunningham
> Database Development Project Lead
> Bally Systems
>
>
>
>

Terry Mackintosh <terry@terrym.com>          http://www.terrym.com
sysadmin/owner  Please! No MIME encoded or HTML mail, unless needed.

Proudly powered by R H Linux 4.2, Apache 1.3, PHP 3, PostgreSQL 6.4
-------------------------------------------------------------------
Success Is A Choice ... book by Rick Patino, get it, read it!


Re: [ADMIN] Re:

From
The Hermit Hacker
Date:
On Mon, 30 Nov 1998, Terry Mackintosh wrote:

> Hi Ken, Bill and all
>
> Na!
> First, as a web interface you should be using PHP 3.x, you are, right?

    Actually, my personal preference is perl for web interfaces
*shrug*


Marc G. Fournier
Systems Administrator @ hub.org
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org


Re: [ADMIN] Re:

From
Jason Boxman
Date:
On Mon, 30 Nov 1998, Terry Mackintosh wrote:
>Hi Ken, Bill and all
>
>Na!
>First, as a web interface you should be using PHP 3.x, you are, right?
>
>OK, that said, do this:
>$chktext = ereg_replace("'", "''", $chktext);

Can't you just enable magic quotes in the php3 conf file to have this
accomplished automatically?  Or call:

$chktext = addslashes($chktext);

>That will take every ' in the data, and replace it with '' (2 ') which is
>how you escape a ' in PostgreSQL (and all SQL?).
>
>Hope that helps, have a great day
>Terry
>
>On Mon, 30 Nov 1998, Bill Cunningham wrote:
>
>> Ken Wills wrote:
>>
>> > Hi!
>> >
>> > I have an annoying problem, that I just haven't been able to get around yet. When I parse the
>> > input from a form and go to insert it everything works fine as long as the user doesn't use
>> > the ' character in the input. I've tried using qw{} and qq{}, which either don't interpolate
>> > or give me errors. Anyone have any suggestions? Postgres 6.4, Apache 1.3, mod_perl 1.16.
>> > The insert statement is below.
>> >
>> > my $query_string=qq{INSERT INTO CALLS (ca_service_id, ca_org_name, ca_phone_number, ca_status,
>> > ca_product, ca_problem, ca_resolution, ca_contact_name, ca_assigned, ca_date) VALUES ('$service_id',
>> > '$org_name', '$phone_number', '$status', '$product', '$problem', '$resolution', '$contact',
>> > '$assigned', '$time_now')};
>> >
>>
>> I have the same problem with DB2. I encode the ' character as &39 or 0x39. Then on output I reparse the
>> field and display the results. (I also encode the & character or whatever I use to delimit the
>> character.)
>>
>>
>> --
>> Bill Cunningham
>> Database Development Project Lead
>> Bally Systems
>>
>>
>>
>>
>
>Terry Mackintosh <terry@terrym.com>          http://www.terrym.com
>sysadmin/owner  Please! No MIME encoded or HTML mail, unless needed.
>
>Proudly powered by R H Linux 4.2, Apache 1.3, PHP 3, PostgreSQL 6.4
>-------------------------------------------------------------------
>Success Is A Choice ... book by Rick Patino, get it, read it!
--

Sincerely,
Jason Boxman

uselinux@email.com
benefits@cybertechs.com

"We have lived not in proportion to the number of years we have
spent on the earth, but in proportion as we have enjoyed."
-Henry David Thoreau
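
Added example, not part of any poster's message: the failing interpolated INSERT from the original question next to the same insert done with DBI placeholders, which keep the form values out of the SQL text so no manual escaping of ' is needed. It assumes DBI and DBD::SQLite are installed and uses an in-memory SQLite database as a stand-in for PostgreSQL so it runs offline; the table is a cut-down CALLS with three columns, and the form values are constructed.

```perl
#!/usr/bin/perl
# Added example (not from the thread). Assumes DBI and DBD::SQLite are installed;
# an in-memory SQLite database stands in for PostgreSQL so the script runs offline.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Cut-down version of the CALLS table from the original post (three columns only).
$dbh->do('CREATE TABLE calls (ca_service_id TEXT, ca_org_name TEXT, ca_problem TEXT)');

# Constructed form input containing the ' character.
my %form = (
    service_id => 'S-1001',
    org_name   => q{O'Brien & Sons},
    problem    => q{User's printer won't print},
);

# 1. Values interpolated into the SQL text, as in the original post: the ' inside
#    the data ends the string literal early and the statement no longer parses.
my $interpolated = qq{INSERT INTO calls (ca_service_id, ca_org_name, ca_problem)
                      VALUES ('$form{service_id}', '$form{org_name}', '$form{problem}')};
my $ok  = eval { $dbh->do($interpolated); 1 };
my $err = $ok ? '' : $dbh->errstr;
print "interpolated insert: ", ($ok ? "succeeded" : "failed ($err)"), "\n";

# 2. Placeholders: the SQL text is fixed and the driver passes the values separately,
#    so quotes in the data never reach the SQL parser as syntax.
my $sth = $dbh->prepare('INSERT INTO calls (ca_service_id, ca_org_name, ca_problem)
                         VALUES (?, ?, ?)');
$sth->execute(@form{qw(service_id org_name problem)});

# 3. When a literal really has to be built by hand, let the driver quote it; for this
#    value quote() doubles the ', the same rule as the ereg_replace suggestion above.
print "quoted literal: ", $dbh->quote($form{org_name}), "\n";

# Read the row back to confirm the data was stored unchanged.
my ($org, $problem) = $dbh->selectrow_array(
    'SELECT ca_org_name, ca_problem FROM calls WHERE ca_service_id = ?',
    undef, $form{service_id});
print "stored: $org / $problem\n";

$dbh->disconnect;
```

With DBD::Pg the prepare/execute calls are the same; only the connect string changes.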