Thread: Quoting backticks

Quoting backticks

From: golliher@coe.uga.edu
Date:
I cannot manage to get strings with backtick characters into a postgres database using the DBD::Pg module.  I've tried
using the built-in quote method and escaping the backticks with a regex.. still no joy.
 
 Am I missing something?  Is this a bug?  Is it with DBD:Pg, DBI or Postgres itself?
 Code snippet follows.. all replies appreciated.


-darrell golliher



This is an excerpt from a CGI program.  If one of the form parameters
contains a backtick, then the update fails.  Otherwise updates are
successful.  Since everybody hitting my application wants to type
contractions like "can't", "won't", and "shouldn't" the script fails
a lot. :(

my $hacks = $hackday_dbh->quote(param('hacks'));
my $schedule = $hackday_dbh->quote(param('schedule'));
$schedule =~ s/'/\'/g;
my $stuff = $hackday_dbh->quote(param('stuff'));
my $shout = $hackday_dbh->quote(param('shout'));
my $attending = $hackday_dbh->quote(param('attending'));
my %cookiedata = cookie('coewos');
my $userid = $cookiedata{'userid'};
my $query = "update data SET shout='$shout',hacks='$hacks',schedule='$schedule',attending='$attending',stuff='$stuff' where email ~* '$userid'";
my $sth = $hackday_dbh->prepare($query);
$sth->execute;
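
An added example, not part of the original post: DBI's quote() returns the value already wrapped in single quotes, so placing '$shout' inside the statement quotes it a second time, and the cookie value is interpolated with no quoting at all. The sketch below reproduces that and shows the same update with placeholders. Assumptions: an in-memory SQLite database (DBD::SQLite) stands in for the PostgreSQL server so the script runs offline, the table is cut down to three columns, the form and cookie values are constructed, and the match uses = because SQLite has no ~* operator.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: SQLite in memory replaces the poster's PostgreSQL connection.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE data (email TEXT, shout TEXT, hacks TEXT)');
$dbh->do('INSERT INTO data (email) VALUES (?)', undef, 'user@example.org');

# Constructed input: form fields with apostrophes, and the cookie's user id.
my %form   = (shout => "can't wait", hacks => "won't say");
my $userid = 'user@example.org';

# 1. The pattern from the post: quote() output placed inside '...' again.
my $quoted = $dbh->quote($form{shout});
my $broken = "UPDATE data SET shout='$quoted' WHERE email='$userid'";
print "quote() returned: $quoted\n";
print "statement built:  $broken\n";
my $ok = eval { $dbh->do($broken); 1 };
print "double-quoted statement ", ($ok ? "ran" : "was rejected by the database"), "\n";

# 2. quote() used as intended: its return value is the complete SQL literal.
my $fixed = "UPDATE data SET shout=$quoted WHERE email=" . $dbh->quote($userid);
my $rows  = $dbh->do($fixed);
print "single-quoted statement updated $rows row(s)\n";

# 3. Placeholders: values never become part of the SQL text, so neither
#    apostrophes in the form fields nor the cookie value can alter the statement.
my $sth = $dbh->prepare('UPDATE data SET shout = ?, hacks = ? WHERE email = ?');
$rows = $sth->execute(@form{qw(shout hacks)}, $userid);
print "placeholder statement updated $rows row(s)\n";

my ($shout, $hacks) = $dbh->selectrow_array(
    'SELECT shout, hacks FROM data WHERE email = ?', undef, $userid);
print "stored shout: $shout\n";
print "stored hacks: $hacks\n";

$dbh->disconnect;
```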