Thread: escape single quote in INSERT command

escape single quote in INSERT command

From

dave_h4@yahoo.com (Hunter)

Date:

26 November 2002, 12:10:50

Hi Group - 

I have a perl application for a registration form. I'd like to put
escape characters in my insert command to accommodate for '
(i.e. O'Brien, O'Malley, etc). I've tired double quotes, single
quotes, back tick, forward ticks, curly bracket, round brackets - no
success.


Thanks, dave

Re: escape single quote in INSERT command

From

"mark carew"

Date:

26 November 2002, 12:11:11

Woops should have been  masquerading

Re: escape single quote in INSERT command

From

Date:

26 November 2002, 16:31:40

> Hi Group -
>
> I have a perl application for a registration form.

Same Here,

Why dont' you use prepare and execute  in case you are using DBI
same program is like this.

$dbh = DBI -> connect ( "......");
$sth = $dbh -> prepare("insert into tab (a,b) values (?,?)");
$sth -> execute($a , $b );
$sth -> finish();
$dbh -> commit();
$dbh -> disconnect();


regds
mallah.


I'd like to put escape characters in my
> insert command to accommodate for '
> (i.e. O'Brien, O'Malley, etc). I've tired double quotes, single
> quotes, back tick, forward ticks, curly bracket, round brackets - no success.
>
>
> Thanks, dave
>
> ---------------------------(end of broadcast)--------------------------- TIP 6: Have you
> searched our list archives?
>
> http://archives.postgresql.org



-----------------------------------------
Get your free web based email at trade-india.com.  "India's Leading B2B eMarketplace.!"
http://www.trade-india.com/

Re: escape single quote in INSERT command

From

"Dan Langille"

Date:

26 November 2002, 16:47:23

On 27 Nov 2002 at 0:01, mallah@trade-india.com wrote:

> > Hi Group -
> >
> > I have a perl application for a registration form.
> 
> Same Here,
> 
> Why dont' you use prepare and execute  in case you are using DBI
> same program is like this.
> 
> $dbh = DBI -> connect ( "......");
> $sth = $dbh -> prepare("insert into tab (a,b) values (?,?)");
> $sth -> execute($a , $b );
> $sth -> finish();
> $dbh -> commit();
> $dbh -> disconnect();

IIRC, there is a dbi->quote() function as well.  That should properly 
escape anything.
-- 
Dan Langille : http://www.langille.org/

Re: escape single quote in INSERT command

From

Thomas Good

Date:

26 November 2002, 16:59:18

On Wed, 27 Nov 2002 mallah@trade-india.com wrote:

> Why dont' you use prepare and execute  in case you are using DBI
> same program is like this.
>
> $dbh = DBI -> connect ( "......");
> $sth = $dbh -> prepare("insert into tab (a,b) values (?,?)");
> $sth -> execute($a , $b );
> $sth -> finish();
> $dbh -> commit();
> $dbh -> disconnect();

> I'd like to put escape characters in my
> > insert command to accommodate for '

$dbh->quote() will do the escaping for DBI but be careful with dates
as the variable binding does not always behave as expected.

You can esc the single with another single, ala ANSI SQL: ''
This works in Oracle, PG and MySQL for sure.

In perl:  $name =~ s/\'/\'\'/g;
$query = qq |insert into x values ('$name')|;
and so on...

Now, can some kind soul tell me how to do an 'insert into x select y;'
where x is a numeric(19,2) and y is a money type???
-----------------------------------------------------------------------
Thomas Good                                  e-mail: tomg@sqlclinic.net
Programmer/Analyst                           phone:   (+1) 718.818.5528
Residential Services                         fax:     (+1) 718.818.5056
Behavioral Health Services, SVCMC-NY         mobile:  (+1) 917.282.7359
   --            Geistiges Eigentum ist Diebstahl!              --

Re: escape single quote in INSERT command

From

Thomas Good

Date:

26 November 2002, 17:02:01

On Wed, 27 Nov 2002 mallah@trade-india.com wrote:

> Why dont' you use prepare and execute  in case you are using DBI
> same program is like this.
>
> $dbh = DBI -> connect ( "......");
> $sth = $dbh -> prepare("insert into tab (a,b) values (?,?)");
> $sth -> execute($a , $b );
> $sth -> finish();
> $dbh -> commit();
> $dbh -> disconnect();

> I'd like to put escape characters in my
> > insert command to accommodate for '

$dbh->quote() will do the escaping for DBI but be careful with dates
as the variable binding does not always behave as expected.

You can esc the single with another single, ala ANSI SQL: ''
This works in Oracle, PG and MySQL for sure.

In perl:  $name =~ s/\'/\'\'/g;
$query = qq |insert into x values ('$name')|;
and so on...

Now, can some kind soul tell me how to do an 'insert into x select y;'
where x is a numeric(19,2) and y is a money type???
-----------------------------------------------------------------------
Thomas Good                                  e-mail: tomg@sqlclinic.net
Programmer/Analyst                           phone:   (+1) 718.818.5528
Residential Services                         fax:     (+1) 718.818.5056
Behavioral Health Services, SVCMC-NY         mobile:  (+1) 917.282.7359
   --            Geistiges Eigentum ist Diebstahl!              --