In article <3FCDE437.9060309@cog.ufl.edu>,
Barbara Lindsey <blindsey@cog.ufl.edu> writes:
> When I have problems like this, I do something like this:
> $sql="insert into it_contact (email, to_email,
> subject,details,modify,parent) values(
> '".$from."','".$to,"','".$subject."','".$body."', now(),'".$parent."')";
> Then you dont have to bind params. You can just prepare and execute.
... and get interesting results if one of the variables contains
quotes or backslashes.
I often use something like that:
$dbh->do (q{
INSERT INTO it_contact (email, to_email, subject, details, modify, parent)
VALUES (?, ?, ?, ?, ?, ?)
}, undef, $from, $to, $subject, $body, now(), $parent);
This lets DBI do the proper quoting for you.