Escaping strings

Hi,

This seems rather easy, but it's got me stuck.

I am using Ruby DBI to insert records into a MySQL database.

dbh.do("INSERT INTO sentences (id,text)
VALUES
(#{id},#{sentence})")

The sentence is a pretty long and complex string having many special
characters. I can't seem to escape it out; I tried CGI and the %&&
delimiters, but I can't get it to work.

I appreciate your help!

Thanks!

Nvm, got it.

require 'mysql'

sentence = Mysql.escape_string(sentence.to_s)
dbh.do("INSERT INTO sentences (id,text)
VALUES
(#{id}, '" + sentence + "')")

:)

On 03/07/2010 09:14 AM, Krishna Rokhale wrote:

:)

I’d rather use prepared statements with bind variables. This is much
safer and also you can offload a bit of work from the database.

Kind regards

robert
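
The prepared-statement approach suggested above, as an added example that is not part of the original thread. It follows the Ruby DBI prepare / execute / finish call pattern; `insert_sentences`, `FakeHandle`, `FakeStatement` and the sample rows are hypothetical names and constructed data, with the fake handle standing in for a real one from `DBI.connect` so the script runs without a database.

```ruby
# Added example, not code from the thread. FakeHandle and FakeStatement are
# constructed stand-ins for a Ruby DBI handle, so no MySQL server is needed.
INSERT_SQL = "INSERT INTO sentences (id, text) VALUES (?, ?)".freeze

# Prepare once, execute once per row. The SQL text never changes and each
# value travels as a bind variable, so the sentence needs no escaping.
def insert_sentences(dbh, rows)
  sth = dbh.prepare(INSERT_SQL)
  # Integer() raises ArgumentError for an id that is not a plain number.
  rows.each { |id, sentence| sth.execute(Integer(id), sentence.to_s) }
  rows.length
ensure
  sth&.finish
end

# Records what a driver would receive: statement text plus bind values.
FakeStatement = Struct.new(:sql, :log) do
  def execute(*binds)
    wanted = sql.count("?")
    raise ArgumentError, "expected #{wanted} bind values" unless binds.length == wanted
    log << [sql, binds]
  end
  def finish; end
end

class FakeHandle
  attr_reader :log, :prepared
  def initialize
    @log = []
    @prepared = 0
  end
  def prepare(sql)
    @prepared += 1
    FakeStatement.new(sql, @log)
  end
end

# Constructed sample sentences with quotes, a backslash, % and a semicolon.
SAMPLE_ROWS = [
  [1, %q{O'Reilly said: "50% done"; see C:\temp}],
  [2, %q{it's a 'quoted' word}]
].freeze

def demo
  dbh = FakeHandle.new
  insert_sentences(dbh, SAMPLE_ROWS)
  dbh
end

demo.log.each { |sql, binds| puts "#{sql}  <= #{binds.inspect}" }
```

With a real DBI connection the same `insert_sentences` call applies unchanged, and for a single row `dbh.do(INSERT_SQL, id, sentence)` passes the bind values in one call.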

Thanks!