On Tue, Jul 25, 2006 at 05:06:31PM -0500, John Jetmore wrote:
> On Tue, 25 Jul 2006, Marc Perkel wrote:
>
> > print "insert ignore into karma (ip,expire,hostname) values
> > ('",$ip_address,"',",time()+200000,",'",$hostname,"');\n";
>
> variables interpolate in "" quote strings in perl, so the only thing you
> have to exclude from the strings is the time()+200000 expression. Then
> you can join the pieces with the '.' operator, which is the string
> concatenate operator:
>
> mysql("insert ignore into karma (ip,expire,hostname) values " .
> "('$ip_address'," . (time()+200000) . ",'$hostname')");
> (if memory serves you don't need the semicolon to terminate the statement
> when using the perl modules w/ mysql, and you definitely don't need the
> newline).
>
> and then use $_[0] or shift it into another var to use.
>
I missed the initial question. If you are using DBI you want to use
placeholders if your database driver supports them. Placeholders
handle all the quoting problems for you; it is a level of expertise
which you want to attain.

# off-hand code
# (assumes "use DBI;" and $dbh, a handle returned by DBI->connect)
my $s = $dbh->prepare(
    "insert into products ( code, price, descript )
     values ( ?, ?, ?)" );  # the ?s are the parameter placeholders
$s->bind_param( 1, $code, {TYPE => DBI::SQL_VARCHAR});
$s->bind_param( 2, $price );  # the 3rd arg is optional
$s->bind_param( 3, $description );
$s->execute();

Be well,
rir
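
The placeholder approach applied to the karma insert from the start of the thread, as an added example that is not part of the original messages. It assumes DBD::SQLite with an in-memory database so that it runs offline, which is why MySQL's "insert ignore" is written "insert or ignore"; the table layout, IPs and hostnames are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI qw(:sql_types);

# Assumption: DBD::SQLite with an in-memory database so the script runs offline.
# SQLite spells MySQL's "insert ignore" as "insert or ignore".
my $dbh = DBI->connect( "dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 } );
$dbh->do("create table karma (ip text primary key, expire integer, hostname text)");

# Constructed sample rows; the second hostname contains a quote character.
my @rows = (
    [ "192.0.2.10", "mail.example.org" ],
    [ "192.0.2.11", "o'brien.example.net" ],
);

# Interpolated form from the thread: the quote in $hostname ends the SQL
# string literal early, so the statement no longer parses as intended.
my ( $ip_address, $hostname ) = @{ $rows[1] };
my $expire = time() + 200000;
my $unsafe = "insert or ignore into karma (ip,expire,hostname) values "
           . "('$ip_address',$expire,'$hostname')";
my $ok = eval { $dbh->do($unsafe); 1 };
print "interpolated: ", ( $ok ? "accepted" : "rejected by the database" ), "\n";

# Placeholder form: the SQL text is fixed and the values travel separately,
# so no value can change the structure of the statement.
my $sth = $dbh->prepare(
    "insert or ignore into karma (ip,expire,hostname) values (?, ?, ?)" );
for my $row (@rows) {
    $sth->bind_param( 1, $row->[0], SQL_VARCHAR );
    $sth->bind_param( 2, time() + 200000, SQL_INTEGER );
    $sth->bind_param( 3, $row->[1], SQL_VARCHAR );
    $sth->execute();
}

# Read the rows back to compare the stored hostnames with the inputs.
my $stored = $dbh->selectall_arrayref("select ip, hostname from karma order by ip");
print "stored: $_->[0] $_->[1]\n" for @$stored;
$dbh->disconnect;
```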