[Dbix-class] escaping input
John Goulah
jgoulah at gmail.com
Tue May 15 15:45:04 GMT 2007
I'm doing something like this:
my $schools = $c->model('RegistrationDB::University')->search(
    { name => { like => "%$query%" } },
    {
        rows     => 20,
        select   => [qw/name university_id state city zip/],
        order_by => [
            "LOCATE(\"$query\",name)",   # $query interpolated straight into the SQL
            "name",
            "state",
            "city",
        ],
    },
);
which works fine, except for when that $query variable has quotes. What's
the proper way to escape this? Or is there some way to reformulate this
code in a better way? I'm typically used to using parameterized queries and
such to make things SQL safe, so how is it done here?
Thanks!
John
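The same search with the user-supplied value passed to LOCATE() as a bind parameter instead of being interpolated into the SQL string, as an added example (not the poster's code); it assumes a current DBIx::Class with SQL::Abstract's `\[ $sql, @bind ]` literal form, and that `$c` and the `RegistrationDB::University` source exist as in the post.

```perl
use strict;
use warnings;

# Returns a resultset; $c and the RegistrationDB::University source are
# assumed from the original post.
sub search_universities {
    my ($c, $query) = @_;

    # The LIKE value is already safe: hash values in a search condition are
    # sent as bind parameters, never pasted into the SQL. Quotes in $query
    # therefore cannot break out here. What a raw value *can* do is act as a
    # wildcard, so escape % and _ (MySQL's default ESCAPE character is \)
    # if they should match literally.
    (my $like = $query) =~ s/([%_\\])/\\$1/g;

    return $c->model('RegistrationDB::University')->search(
        { name => { like => "%$like%" } },
        {
            rows     => 20,
            select   => [qw/name university_id state city zip/],
            as       => [qw/name university_id state city zip/],
            order_by => [
                # \[ $sql, @bind ]: literal SQL with a ? placeholder; the
                # value travels as a bind parameter, so quotes in $query can
                # only ever be data, not SQL.
                \[ 'LOCATE(?, name)', $query ],
                'name',
                'state',
                'city',
            ],
        },
    );
}
```

The generated statement then reads `ORDER BY LOCATE(?, name), name, state, city` with `$query` bound at execute time, which is the parameterized form the post is asking for.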