Escaping strings

Krishna Rokhale · Mar 7, 2010

Hi,

This seems rather easy, but its got me stuck.

i am using ruby DBI to insert records into a mysql database.

dbh.do("INSERT INTO sentences (id,text)
VALUES
(#{id},#{sentence})")

the sentence is a pretty long and complex string having many special
characters. I cant seem to escape it out, i tried CGI and the %&&
delimiters, but i cant get it to work.

I appreciate your help!

Thanks!

Krishna Rokhale · Mar 7, 2010

Nvm, got it.

require 'mysql'

sentence = Mysql.escape_string(sentence.to_s)
dbh.do("INSERT INTO sentences (id,text)
VALUES
(#{id}, '" + sentence + "')")

Robert Klemme · Mar 7, 2010

Nvm, got it.

require 'mysql'

sentence = Mysql.escape_string(sentence.to_s)
dbh.do("INSERT INTO sentences (id,text)
VALUES
(#{id}, '" + sentence + "')")

I'd rather use prepared statements with bind variables. This is much
safer and also you can offload a bit of work from the database.

Kind regards

robert

Krishna Rokhale · Mar 7, 2010

Robert said:
I'd rather use prepared statements with bind variables. This is much
safer and also you can offload a bit of work from the database.

Kind regards

robert

Thanks!

JavaScript's Character Escaping Functions	9	Dec 30, 2011
Survey details won't go through using php, ajax, Mysql	0	Oct 26, 2023
secure file writing (escaping characters from the file name)	5	Sep 12, 2007
REXML escaping seems broken	2	Oct 20, 2005
Passing DBI parameters as an array	1	May 27, 2007
Newbie Question: Escaping special characters in array of strings	5	Nov 21, 2004
ChatBot	4	Jan 19, 2021
HOWTO: "catching" a segfault in a ruby/dl C library	0	Jul 26, 2006

Escaping strings

Krishna Rokhale

Krishna Rokhale

Robert Klemme

Krishna Rokhale

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads