Question

嗨，我非常喜欢perl .. 我有一个像这样的temp_data.txt文件

Id    Comments
--------------------------------
1      this is a 'comment'
2      special comment
3      user comment 'user'
-----------------------------------


  open (MYFILE, 'temp_data.txt');
while (<MYFILE>) {
if($_=~/^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)/)
{
    $id=$1;    
    $comment = $2;
}

while(<MYFILE>)
{
    $line=$_;
    if($line=~/^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)/)
    {
        seek(MYFILE, -length($_), 1);
        last;
}
    else
    {           if($_=~/\s*(.*)/)
        {
            $comment .=$1;

        }
    }
}

my $queryString = "INSERT INTO Headline (id,comment) VALUES ('$id', ' $comment')";

$sth = $dbh->prepare($queryString);
$sth->execute() or die $DBI::errstr;
$sth->finish();
}

但是在插入数据库的时候遇到一个像这样的错误的特殊字符。

DBD::mysql::st execute failed: You have an error in your SQL syntax; 
check the manual that corresponds to your MySQL server version for the right syntax to use near 'comment')' at line 1 at head.pl line 1.

谁能帮助我吗？提前谢谢

Answer 1

也许，您插入的数据有特殊符号。为此使用参数化查询（它将保护您免受SQL注入）：

my $queryString = "INSERT INTO Headline (id,comment) VALUES (?, ?)";

$sth = $dbh->prepare($queryString);
$sth->execute($id, $comment) or die $DBI::errstr;
$sth->finish();

使用perl将特殊字符插入mysql

1 个答案: