Special Characters in Perl
Problem description
I'm creating a CGI form to update a Sybase stored procedure.
qq {execute procedure test(123,45,date,'$note');};
The $note variable is information obtained from a textbox that contains trouble ticket log information. As such, people who enter such information can, and most likely will, use special characters such as '|"{} etc. I'm curious to know if there is a way to get this information into the database via the variable $note.
Most of my research has produced DBI->quote() functions, but they don't seem to work, and I'm not sure how relevant those are since this is a stored procedure.
Right now I am trying the following:
use DBI;
$livedb = DBI->connect("dbi:Sybase:server=test", "admin", "pass") || die "Could not connect to live database, $DBI::errstr";
$note = "Testing special characters:";
$livedb->do(qq {execute procedure jinsert(5304905,65,getdate,?);}, undef, (param('$note')));
I get the following error:
Undefined subroutine &main::param called at test.cgi line 11.
When I use the below methods, the code fails if a ' exists in $note:
$qy = $livedb->prepare($note);
$qy->execute($test) || die "Could not record: $DBI::errstr";
$qy->finish();
Recommended answer
Firstly, to answer your question directly: DBI->quote() is indeed your friend here :-) It puts quotes round the string in the correct way for the language of the database you're using (which is invariably the same for SELECT/UPDATE/INSERT/DELETE queries as for stored procedures, since the latter usually consist of combinations of the former!).
For example, assuming $dbh has been set up as your DBI connection to your database, then
my $string = "Here's a string that needs \"quoting\"!";
print $dbh->quote($string);
prints the following:
'Here''s a string that needs "quoting"!'
Notice how:
- It's doubled the ' in Here's
- It's put '' quotes around the whole string.
The exact string that it prints will depend on your database - some use slightly different conventions.
But...
Looking at what you're doing, you shouldn't actually need to do any quoting: let DBI do all the work for you, like this:
$livedb->do(qq {execute procedure jinsert(5304905,65,getdate,?);}, undef, $note);
The DBI code knows what quoting to do in order to replace the ? with $note.
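The three ways of passing $note discussed above, side by side, as an added example that is not part of the original question or answer. It assumes DBD::SQLite is installed and uses an in-memory database in place of the Sybase server; the ticket_log table and the sample note are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from the question or the answer.
# Assumption: DBD::SQLite (in-memory) stands in for the Sybase server so the
# script runs offline; the table "ticket_log" and its columns are hypothetical.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE ticket_log (ticket INTEGER, note TEXT)");

# Constructed sample input containing the characters named in the question.
my $note = q{User's disk is full | see "df -h" {urgent}};

# 1. Interpolating $note into the SQL text: the ' ends the string literal
#    early, so the rest of the note is parsed as SQL and the statement fails.
my $ok = eval {
    $dbh->do(qq{INSERT INTO ticket_log VALUES (1, '$note')});
    1;
};
print "interpolated: ", ($ok ? "succeeded\n" : "failed: $@");

# 2. DBI->quote(): escapes the value for this driver and adds the outer
#    quotes, so the result can be interpolated as a complete literal.
my $quoted = $dbh->quote($note);
print "quoted literal: $quoted\n";
$dbh->do(qq{INSERT INTO ticket_log VALUES (2, $quoted)});

# 3. Placeholder: the value is bound separately and never parsed as SQL.
$dbh->do(q{INSERT INTO ticket_log VALUES (?, ?)}, undef, 3, $note);

# Both safe forms must store the note exactly as it was entered.
for my $id (2, 3) {
    my ($stored) = $dbh->selectrow_array(
        q{SELECT note FROM ticket_log WHERE ticket = ?}, undef, $id);
    print "ticket $id round-trips: ", ($stored eq $note ? "yes" : "NO"), "\n";
}
$dbh->disconnect;
```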