Look at the
actual strings you are sending to
$dbh->do. If the user has a single-quote in a field (like
dated, issuedby, etc), the SQL string will be bad.
my $Str = "Insert into City_Policies (ID, DATE_CREATED, ISSEDBY, SUBJE
+CT)
values ('$policynumber', '$DATE_CR', '$ISSUEDBY', '$newsubject')";
warn $Str;
$dbh->do($Str) or print "I died";
This may be a good reason to go ahead and build statement
handles and use placeholders. DBI will handle embedded
quotes for you.
BTW, may I suggest a stylistic change? ;-)
my $POLICY1 = "";
my $DATE_CR = "";
my $POLICY2 = "";
my $POLICY3 = "";
my $POLICY4 = "";
my $POLICY5 = "";
my $POLICY6 = "";
my $ISSUEDBY = "";
my $SUBJECT ="";
my $PURPOSE = "";
$POLICY1 =~s/<br>/\n/g;
$POLICY2 =~s/<br>/\n/g;
$POLICY3 =~s/<br>/\n/g;
$POLICY4 =~s/<br>/\n/g;
$POLICY5 =~s/<br>/\n/g;
$POLICY6 =~s/<br>/\n/g;
$POLICY1 =~s/<BR>/\n/g;
$POLICY2 =~s/<BR>/\n/g;
$POLICY3 =~s/<BR>/\n/g;
$POLICY4 =~s/<BR>/\n/g;
$POLICY5 =~s/<BR>/\n/g;
$POLICY6 =~s/<BR>/\n/g;
can be more succinctly written as:
my ($IDNUM, $ISSUEDBY, $DATE_CR, $SUBJECT, $PURPOSE,
$POLICY1, $POLICY2, $POLICY3,
$POLICY4, $POLICY5, $POLICY6) = $sth->fetchrow_array;
$_ ||= '' for ($DATE_CR, $ISSUEDBY, $SUBJECT, $PURPOSE);
$_ ||= '', s/<br>/\n/ig
for ($POLICY1, $POLICY2, $POLICY3, $POLICY4, $POLICY5, $POLICY6)
+;
Far fewer lines, and you get to use the cool ||= and postfix
for operators! :-)
Russ
Brainbench 'Most Valuable Professional' for Perl
