Including Special Characters and NULL Values in Queries

Instead, the NULL value shouldn't have any surrounding quotes at all:

    INSERT INTO profile (name,birth,color,foods,cats)
    VALUES('De\'Mont','1973-01-12',NULL,'eggroll',4);

If you were writing the query literally in your program, you'd simply write the word NULL without surrounding quotes. But if the color value comes from a variable, the proper action is not so obvious. You must know something about the variable's value to be able to determine whether or not to surround it with quotes when you construct the query. The same goes for quotes and backslashes inside a value: a value that is pasted into the query string unescaped does not merely break the statement, it can change what the statement does if the value comes from an untrusted source.

There are two general means at your disposal for dealing with special characters such as quotes and backslashes, and with special values such as NULL:

• Use placeholders if your API supports them. Generally, this is the preferred method, because the API itself will do all or most of the work for you of providing quotes around values as necessary, quoting or escaping special characters within the data value, and possibly interpreting a special value to map onto NULL without surrounding quotes. Recipe 2.7 provides general background on placeholder support; you should read that section if you haven't already.

• Use a quoting function if your API provides one for converting data values to a safe form that is suitable for use in query strings.

The remainder of this section shows how to handle special characters for each API. The examples demonstrate how to insert a profile table record that contains De'Mont for the name value and NULL for the color value. The techniques shown work generally to handle any special characters, including those found in binary data. The techniques are not limited to INSERT queries. They work for other kinds of statements as well, such as SELECT queries. Examples showing specifically how to work with a particular kind of binary data (images) are provided in Chapter 17.

A related issue not covered here is the inverse operation of transforming special characters in values returned from your database for display in various contexts. For example, if you're generating HTML pages that include values taken from your database, you have to convert < and > characters in those values to the HTML entities &lt; and &gt; (and & to &amp;) to make sure they display properly rather than being interpreted as markup. This topic is discussed in Chapter 16.

2.8.4 Perl

DBI supports a placeholder mechanism for binding data values to queries, as discussed in Recipe 2.7. Using this mechanism, we can add the profile record for De'Mont by using do():

    my $count = $dbh->do ("INSERT INTO profile (name,birth,color,foods,cats)
                           VALUES(?,?,?,?,?)",
                           undef,
                           "De'Mont", "1973-01-12", undef, "eggroll", 4);

Alternatively, use prepare() plus execute():

    my $sth = $dbh->prepare ("INSERT INTO profile (name,birth,color,foods,cats)
                              VALUES(?,?,?,?,?)");
    my $count = $sth->execute ("De'Mont", "1973-01-12", undef, "eggroll", 4);

In either case, the resulting query generated by DBI is as follows:

    INSERT INTO profile (name,birth,color,foods,cats)
    VALUES('De\'Mont','1973-01-12',NULL,'eggroll','4')

Note how DBI adds quotes around data values, even though there were none around the ? placeholder characters in the original query string, and how the quote inside De'Mont has been escaped so that it cannot terminate the string literal. The placeholder mechanism adds quotes around numeric values, too, but that's okay, because the MySQL server performs type conversion as necessary to convert strings to numbers. Also note the DBI convention that when you bind undef to a placeholder, DBI puts a NULL into the query and correctly refrains from adding surrounding quotes.

DBI also provides a quote() method as an alternative to using placeholders. quote() is a database handle method, so you must have a connection open to the server before you can use it. This is because the proper quoting rules cannot be selected until the driver is known; some databases have different quoting rules than others. Here's how to use quote() to create a query string for inserting a new record in the profile table:

    my $stmt = sprintf ("INSERT INTO profile (name,birth,color,foods,cats)
                         VALUES(%s,%s,%s,%s,%s)",
                         $dbh->quote ("De'Mont"),
                         $dbh->quote ("1973-01-12"),
                         $dbh->quote (undef),
                         $dbh->quote ("eggroll"),
                         $dbh->quote (4));
    my $count = $dbh->do ($stmt);

The query string generated by this code is the same as when you use placeholders. The %s format specifiers are written without surrounding quotes because quote() provides them automatically as necessary: undef values are inserted as NULL without quotes, and non-undef values are inserted with quotes.
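The following script is an added example, not code from the book, that puts the two general means described at the start of this recipe side by side for DBI (placeholders and quote()) and contrasts them with the raw string interpolation they are meant to replace. The DSN, user name and password are assumptions; the row values are constructed for the example and deliberately contain a single quote, a backslash and an undef, so that each approach's handling of special characters and NULL is visible.

```perl
#!/usr/bin/perl
# Added example: placeholders vs. quote() vs. raw interpolation with DBI.
use strict;
use warnings;
use DBI;

# Connection details are assumptions for this example; change them to match
# your server. RaiseError makes DBI die on failure so the eval below can
# catch the broken statement.
my $dsn = "DBI:mysql:database=cookbook;host=localhost";
my $dbh = DBI->connect($dsn, "cbuser", "cbpass",
                       { RaiseError => 1, PrintError => 0 });

# Values constructed for the example: a name containing a single quote, an
# undef color that should become SQL NULL, and a food containing a backslash.
my @row = ("De'Mont", "1973-01-12", undef, "egg\\roll", 4);

my $insert = "INSERT INTO profile (name,birth,color,foods,cats) VALUES(%s)";

# 1. Placeholders: DBI quotes and escapes each value and maps undef to NULL.
my $sth = $dbh->prepare(sprintf($insert, "?,?,?,?,?"));
$sth->execute(@row);

# 2. quote(): same escaping, but you assemble the string yourself. quote()
#    needs the handle because escaping rules are driver-specific; with
#    DBD::mysql it yields 'De\'Mont', 'egg\\roll' and a bare NULL for undef.
my $quoted = join ",", map { $dbh->quote($_) } @row;
print "quote() rendered the row as: $quoted\n";
$dbh->do(sprintf($insert, $quoted));

# 3. Raw interpolation, shown only to demonstrate the failure mode. The
#    apostrophe in De'Mont ends the string literal early, so the server
#    rejects the statement; a value supplied by an untrusted source could
#    instead alter what the statement does. Note also that undef would
#    interpolate as '' (with a warning), not as NULL.
my ($name, $birth, $color, $foods, $cats) = @row;
$color = "" unless defined $color;    # silences the warning; still not NULL
my $bad = sprintf($insert, "'$name','$birth','$color','$foods',$cats");
eval { $dbh->do($bad) };
print "raw interpolation failed: $@" if $@;

# Read back the rows inserted by methods 1 and 2: the quote survived intact,
# the backslash is stored as a literal backslash, and color comes back as
# undef, which is how DBI represents SQL NULL.
my $rows = $dbh->selectall_arrayref(
    "SELECT name, color, foods FROM profile WHERE name = ?", undef, "De'Mont");
for my $r (@$rows) {
    printf "name=%s color=%s foods=%s\n",
        $r->[0], (defined $r->[1] ? $r->[1] : "NULL"), $r->[2];
}
$dbh->disconnect;
```

Run it against a server that has the profile table from this chapter. Methods 1 and 2 each insert a row with name De'Mont and a NULL color; method 3 dies inside the eval with a syntax error from the server, which is the same mechanism an attacker-controlled value would use to smuggle extra SQL into an interpolated query.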

2.8.5 PHP