Use placeholders--then the values will automatically
be quoted.

    my $NUM_FIELDS = 14;
    # One '?' placeholder per column
    my $sql = "INSERT INTO whatever VALUES (" . join(', ', ('?') x $NUM_FIELDS) . ")";
    my $sth = $dbh->prepare_cached($sql);
    while (<FILE>) {
        my @line = (parse_cvs($_));
        # Values are bound to the placeholders, never pasted into the SQL text
        $sth->execute(@line);
    }
    $sth->finish;

If you want to be more flexible about the number of fields
in your file, do the prepare inside the loop (but make
sure you use prepare_cached so that you're not preparing
the same statement over and over):
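
    while (<FILE>) {
        my @line = (parse_cvs($_));
        # @line in numeric context is the field count, so this is one '?' per field
        my $sql = "INSERT INTO whatever VALUES (" .
            join(', ', ('?') x @line) . ")";
        # prepare_cached returns the already-prepared handle when the SQL text repeats
        my $sth = $dbh->prepare_cached($sql);
        $sth->execute(@line);
        $sth->finish;
    }
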
In fact, I like this last better. :) I'd recommend using
this, because it's nice to be input-independent.
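
An added example, not part of the original post: it runs the per-row prepare_cached loop over rows whose values contain quote characters, next to the same row pasted directly into the SQL text. It assumes DBD::SQLite is installed; the in-memory database, the three-column table, the sample rows and the helper names interpolated_sql and placeholder_sql are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; the in-memory database stands in for the real one.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE whatever (id INTEGER, name TEXT, note TEXT)');

# Constructed sample rows; the second and third carry SQL metacharacters.
my @rows = (
    [ 1, 'Alice',   'plain value' ],
    [ 2, "O'Brien", 'apostrophe in a name' ],
    [ 3, 'Mallory', "x'); DROP TABLE whatever; --" ],
);

# Hypothetical helper: the unsafe alternative, values pasted into the SQL text.
sub interpolated_sql {
    my @f = @_;
    return "INSERT INTO whatever VALUES (" . join(', ', map { "'$_'" } @f) . ")";
}

# Hypothetical helper: one '?' per field; the values never enter the SQL text.
sub placeholder_sql {
    my $n = shift;
    return "INSERT INTO whatever VALUES (" . join(', ', ('?') x $n) . ")";
}

$dbh->begin_work;
for my $row (@rows) {
    # Same SQL text for every three-field row, so the cached handle is reused.
    my $sth = $dbh->prepare_cached(placeholder_sql(scalar @$row));
    $sth->execute(@$row);
}
$dbh->commit;

# Row 2 pasted into the statement is no longer valid SQL; it is only prepared here, never executed.
my $ok = eval { $dbh->prepare(interpolated_sql(@{ $rows[1] })); 1 };
print "interpolated row 2: ", ($ok ? "accepted" : "rejected by the parser"), "\n";

# Each bound value comes back exactly as it went in, quotes included.
for my $r (@{ $dbh->selectall_arrayref('SELECT id, name, note FROM whatever ORDER BY id') }) {
    print join(' | ', @$r), "\n";
}
print "statement handles cached: ", scalar(keys %{ $dbh->{CachedKids} }), "\n";
$dbh->disconnect;
```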