=========
open(F,$upload_name) || die "can not open $uploaded for reading;
read F,$content,$upload_size;
close(F);

$mysql_dbh->do("INSERT INTO $table (content,filename,filesize) VALUES
('$content', '$upload_name','$upload_size')");
==========

My $content may have some special charactors, e.g single quote ('), that
must be escaped before it can be accepted by MySQL.  Just wondering if
there is any funtion that can escape _all_ the characters considered
special by MySQL?

Thanks for any help,

: =========
: open(F,$upload_name) || die "can not open $uploaded for reading;
: read F,$content,$upload_size;
: close(F);

: $mysql_dbh->do("INSERT INTO $table (content,filename,filesize) VALUES
: ('$content', '$upload_name','$upload_size')");
: ==========

: My $content may have some special charactors, e.g single quote ('), that
: must be escaped before it can be accepted by MySQL.  Just wondering if
: there is any funtion that can escape _all_ the characters considered
: special by MySQL?

: Thanks for any help,

how about a function called "quote" which is documented in DBI

=========
Quote will probably not be able to deal with all
           possible input (such as binary data or data containing
           newlines), and is not related in any way with escaping
           or quoting shell meta-characters. There is no need to
           quote values being used with the section on
           /"Placeholders and Bind Values.
=========

So it does not fit out needs because uploaded files can be of any type.  I'm
thinking about using MIME::Base64.  Anybody has any better suggestions?

Thanks,

Bing

: > : Does Perl have any similar funtion to addslashes() that PHP does?
: > : What I want to do is to insert uploaded file into MySQL.
: >
: > : =========
: > : open(F,$upload_name) || die "can not open $uploaded for reading;
: > : read F,$content,$upload_size;
: > : close(F);
: >
: > : $mysql_dbh->do("INSERT INTO $table (content,filename,filesize) VALUES
: > : ('$content', '$upload_name','$upload_size')");
: > : ==========
: >
: > : My $content may have some special charactors, e.g single quote ('), that
: > : must be escaped before it can be accepted by MySQL.  Just wondering if
: > : there is any funtion that can escape _all_ the characters considered
: > : special by MySQL?
: >
: > : Thanks for any help,
: >
: > how about a function called "quote" which is documented in DBI
: >
: >         perldoc DBI

: Ah, thanks for the pointer.  I saw this in the manual:

: =========
: Quote will probably not be able to deal with all
:            possible input (such as binary data or data containing
:            newlines), and is not related in any way with escaping
:            or quoting shell meta-characters. There is no need to
:            quote values being used with the section on
:            /"Placeholders and Bind Values.
: =========

: So it does not fit out needs because uploaded files can be of any type.  I'm

You said you wanted something to escape special characters, and that is
what quote does.  If quote can't quote the string into a format acceptable
by a mysql insert statement then no other quote/char-escape method will do
that either, including the php addslashes method you initially mentioned
(though mysql is pretty liberal about what data can be inserted by
including it literally in an insert if correctly quoted).

: thinking about using MIME::Base64.  

Well you can always (as you now mention) encode the data yourself if you
wish. That can always be done with any database.  On the other hand you
then have to decode the data every time you extract it, whereas if you
inserted the data itself (as opposed to an encoding of it) then you could
retrieve the data directly without decoding it later.

: .. Anybody has any better suggestions?

How about re-reading the last sentence of the paragraph from the manual
that you referenced above. (hint: "bind")

P