Name

sqlQuote — escapes any special database characters in a string

Synopsis

my $quotedval = $slashdb->sqlQuote($value);

sqlQuote escapes any special characters within a string so they will not break a SQL statement or otherwise interfere with database processing. This can be used safely on values that may not normally need to be quoted. However, it should not be used twice on the same value. It exists as a helper for sqlDo.

Example

# from sqlUpdate()
foreach (keys %$data) {
    



    if (s/^-//) {
    $sql .= "\n  $_ = $data->{-$_},";
    } else {
    $sql .= "\n $_ = " .
    $self->sqlQuote($data->{$_}) . ',';
    }
}

Get Running Weblogs with Slash now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.