http://qs321.pair.com?node_id=188259


in reply to Re: DBI, SQL and Dates
in thread DBI, SQL and Dates

    $dbhstmt->execute( "'$SuStCo_strID'", "'$date'" );

I suggest this, as it's a good idea to have quotes around anything going into SQL, to stop nasty input tricks.

Bad advice, unless you want to end up with extra quote characters around fields in the database. I've only seen people do that by accident.

Better to pass strings to execute() either unquoted, or surrounded by double quotes. The latter is needed if you're trying to "pass" an object that overrides stringify, and you want to store the stringified representation.
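The difference between the two execute() calls discussed above, as an added example that is not part of the original thread. It assumes DBD::SQLite is installed; the table, the sample values and the StampDate class are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Hypothetical class that overloads stringification.
package StampDate;
use overload '""' => sub { $_[0]{ymd} };
sub new { my ($class, $ymd) = @_; return bless { ymd => $ymd }, $class }

package main;

# In-memory database so the script runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE visits (id TEXT, visited TEXT)');

# Placeholders: the driver binds each value as data, never as SQL text.
my $sth = $dbh->prepare('INSERT INTO visits (id, visited) VALUES (?, ?)');

my $id   = "O'Brien";      # constructed input containing a quote character
my $date = '2002-08-07';   # constructed date

# Quoted form from the parent post: the single quotes become part of
# the stored value.
$sth->execute("'$id'", "'$date'");

# Plain values: stored exactly as given, embedded quote included.
$sth->execute($id, $date);

# Object with overloaded stringify: double quotes force the string
# form before it reaches the driver.
my $obj = StampDate->new('2002-08-08');
$sth->execute($id, "$obj");

# Show what was stored for each row.
my $rows = $dbh->selectall_arrayref(
    'SELECT id, visited FROM visits ORDER BY rowid');
printf "id=[%s] visited=[%s]\n", @$_ for @$rows;

# Look the id up again with a bound parameter and count the matches.
my ($n) = $dbh->selectrow_array(
    'SELECT COUNT(*) FROM visits WHERE id = ?', undef, $id);
print "rows matching id: $n\n";

$dbh->disconnect;
```

The row inserted with the extra quotes does not match the later lookup, because its stored id differs from the value the application holds.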