[求助]DBI编程中遇到含引号的sql语句

从web传递变量，用DBI模块update mysql表纪录，可是发现sql语句中含有大量的单引号和双引号！

看了下手册，说是用quote方法，可是我用后还是报错。哪位能指点下？？？？

记得PHP中有个Addslash函数，能够自动转义~~~很好用的。

my $update_sql = ""; my $dbh = "";      $dbh = AdminUtils::ConnectToDatabase();      my $test_msg = $dbh->quote(param("script_msg")); $update_sql = "update $mysql_table_name script_name = $test_msg where file_name = \"".param("file_name")."\"";

报错如下！

update data_test script_name = '\r\n \r\n name[\"english\"] = \"12Planet Chat Server Path Disclosure\";\r\n script_name(english:name[\"english\"]);\r\n ' where file_name = "12planet_chat_server_path_disclosure.nasl": You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= '\r\n \r\n name[\"english\"] = \"12Planet Chat Server Path Disclosure\";\r\n s' at line 1 at modules/AdminUtils.pm line 552.

这个sql语句就不对啊

晕~~~~ 怎的少了个set！调了下，正确了~~~

大侠们~！是不是DBI解决这个问题的方法就是quote方法啊？

其他模块呢？