How to insert text into mysql having quotes using perl ? It seems difficult

Question

Asked: May 22, 20262026-05-22T17:55:09+00:00 2026-05-22T17:55:09+00:00

How to insert text into mysql having quotes using perl ?
It seems difficult to insert text containing ‘ & “.
I’m using Perl DBI module & DB is mysql.

UPDATE:

here is my query

my $s = "INSERT INTO comment(guid,review_id) VALUES ('$guid','$review_id')";

You must login to add an answer.

Need An Account,

Editorial Team · Answer 1 · 2026-05-22T17:55:09+00:00

Your old query would have been something like this:

my $s = "insert into comment(guid,review_id) values ('$guid','$review_id')";
$dbh->do($s);

The better way, using placeholders and bind values as per @AlexD’s answer, would look like this:

my $sth = $dbh->prepare("insert into comment(guid,review_id) values (?, ?)";);
$sth->execute($guid, $review_id);

To learn about the security risks of your first approach, have a look at SQL injection attacks on Wikipedia.

The Archive Base Latest Questions