execute parameters and quoting

Hi all,

as far as I know, parameters used with execute() will be quoted correctly. Now I have the following code:

foreach (@search_fields) {
    my ($value) = $q->param($_) =~ /([\S ]*)/;
    $value = '%' . $value . '%';
    push @search_values, $value;
}

my $query = (...);

my $sth = $dbh->prepare($query);
$sth->execute(@search_values);

(...) stands for a lengthy query string, which contains placeholders in the order of @search_fields/@search_values.

This works fine, as long as the strings to be searched do not contain single quotes. Searching for "O'Reilly", for example, returns nothing, while there are several O'Reilly titles in the database.

I tried to include an additional call to quote() in the foreach loop, but it did not solve the problem.

Any suggestions? Thanks.

- Jan

--
The day Microsoft makes something that doesn't suck is the day they start selling vacuum cleaners.

Jan Eden [ Tue, 29 June 2004 14:38 ] [ ID #180709 ]
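
An added example, not part of the original post: it compares binding a value that contains a single quote through a placeholder with calling quote() on it first and then binding it. It assumes DBD::SQLite with an in-memory database in place of the poster's MySQL setup; the table, the sample rows and the helper count_matches() are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database (assumption: the
# post used MySQL; DBI placeholders are used the same way with either driver).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE books (title TEXT, publisher TEXT)');
my $ins = $dbh->prepare('INSERT INTO books (title, publisher) VALUES (?, ?)');
$ins->execute(@$_) for (
    [ 'Programming Perl', "O'Reilly" ],
    [ 'Learning Perl',    "O'Reilly" ],
    [ 'Some Other Title', 'Example Press' ],
);

# Hypothetical helper: run the LIKE search with one bound pattern and
# return the number of matching rows.
sub count_matches {
    my ($pattern) = @_;
    my $sth = $dbh->prepare(
        'SELECT COUNT(*) FROM books WHERE publisher LIKE ?');
    $sth->execute($pattern);
    my ($n) = $sth->fetchrow_array;
    return $n;
}

my $input = "O'Reilly";    # constructed input containing a single quote

# 1. Bound as-is: the value reaches the database as data, so the single
#    quote needs no escaping by the caller.
my $bound = count_matches('%' . $input . '%');

# 2. quote() first, then bind: the surrounding quotes and the doubled
#    inner quote become part of the search pattern itself.
my $quoted = $dbh->quote($input);
my $double = count_matches('%' . $quoted . '%');

printf "bound as-is        : %d row(s)\n", $bound;
printf "quote() then bound : %d row(s), pattern was %s\n",
       $double, '%' . $quoted . '%';
```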