Re: DBD::Pg problem

In article <3FCDE437.9060309@cog.ufl.edu>,
Barbara Lindsey <blindsey@cog.ufl.edu> writes:

> When I have problems like this, I do something like this:
> $sql="insert into it_contact (email, to_email,
> subject,details,modify,parent) values(
> '".$from."','".$to,"','".$subject."','".$body."', now(),'".$parent."')";

> Then you dont have to bind params. You can just prepare and execute.

... and get interesting results if one of the variables contains
quotes or backslashes.

I often use something like that:

  $dbh->do (q{
    INSERT INTO it_contact (email, to_email, subject, details, modify, parent)
    VALUES (?, ?, ?, ?, ?, ?)
  }, undef, $from, $to, $subject, $body, now(), $parent);

This lets DBI do the proper quoting for you.