http://qs321.pair.com?node_id=242867

ok has asked for the wisdom of the Perl Monks concerning the following question:

This is a simple SQL insert...
$insert_cmd = "INSERT INTO PhoneNumbers (cusID, adtID, pntID, phnPart1, phnPart2, phnPart3, phnExt) VALUES (?, ?, ?, ?, ?, ?, ?)"; $phone_insert = $gcssDBH->prepare($insert_cmd); ... $phone_insert->execute( $row->{'cust_id'}, $adtID, $phoneNumberTypes->{'Day'}, $row->{'cust_phac'}, $row->{'cust_phpx'}, $row->{'cust_phsx'}, $row->{'cust_phex'} );
...but I get this error: You have an error in your SQL syntax near '89, '45')' at line 4 (line 4 of the query, that is)

...with these values assigned to the variables:
$row->{'cust_id'} == 3048770 adtID == 2 pntID == 3 $row->{'cust_phac'} == 704 $row->{'cust_phpx'} == 53 $row->{'cust_phsx'} == 2 89 $row->{'cust_phex"} == 45
I don't see anything wrong with the code. Does something jump out at you? Yes, $row->{'cust_phsx'} == "2 89" but I don't see why that should make a difference. Obviously, I'm wrong. I'm under the impression that using placeholders gives me the right to avoid explicitly escaping naughty characters.