I have a SQL statement similar to the one shown below in Perl: my

Question

0

Asked: May 13, 20262026-05-13T09:00:54+00:00 2026-05-13T09:00:54+00:00

I have a SQL statement similar to the one shown below in Perl: my

0

I have a SQL statement similar to the one shown below in Perl:

my $sql="abc..TableName '$a','$b' ";

The $a is free text which can contain anything including single quotes, double quotes, back- and front-slash characters, etc.

How can these characters be escaped to make the SQL statement work?

Thanks.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-13T09:00:55+00:00

You can either use the ->quote method (assuming you’re using DBI):

my $oldValue = $dbh->quote('oldValue');
my $newValue = $dbh->quote('newValue');
$dbh->do("UPDATE myTable SET myValue=$newValue where myValue=$oldValue");

Better still, the best practice is to use bind values:

my $sth = $dbh->prepare('UPDATE myTable SET myValue=? WHERE myValue=?');

$sth->execute('newValue','oldValue');

This should also work for stored procedure calls, assuming the statement once the strings have been expanded is valid SQL. This may be driver/DB specific so YMMV.

my $sth = $dbh->prepare("DBName..ProcName ?,? ");
$sth->execute($a, $b);

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a SQL statement similar to the one shown below in Perl: my

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply