
[ale] brain damaged perl DBI




>>   foreach my $id (@clone_list){
>>     my $query = qq|SELECT id
>>        FROM assembly
>>        WHERE parts_id = $id|;
>
> I believe you'll need single quotes around $id above.
>
>>     my $sth = $dbh->prepare($query);
>>     $sth->execute || $form->dberror($query);


The better solution would be to use a placeholder.  Then you can prepare the
statement once outside the foreach and pass the id when you execute it (and
you're also less vulnerable to SQL injection attacks).

my $sth = $dbh->prepare( qq{
SELECT id FROM assembly WHERE parts_id = ?
});
foreach my $id ( @clone_list ) {
  $sth->execute( $id ) or $form->dberror( "assembly SELECT id $id" );

  while( my $row = $sth->fetchrow_arrayref ) {
    #...
  }

  $sth->finish( );
}


See perldoc DBI for more info on placeholders.  Also check out the trace()
method which can be handy to see exactly what you're sending back and forth to
your DB backend.

-- 
Fletch                | "If you find my answers frightening,       __`'/|
fletch at phydeaux.org|  Vincent, you should cease askin'          \ o.O'
                      |  scary questions." -- Jules                =(___)=
                      |                                               U
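
The interpolated query and the placeholder version from the message above, run side by side on the same inputs, as an added example that is not part of the original post. It assumes DBD::SQLite is installed; the in-memory `assembly` table, its rows and the ids in `@clone_list` are constructed sample data, and the helper names `ids_interpolated` and `ids_placeholder` are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available. The table and rows are constructed sample data.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 } );
$dbh->do('CREATE TABLE assembly (id INTEGER, parts_id INTEGER)');
$dbh->do( 'INSERT INTO assembly (id, parts_id) VALUES (?, ?)', undef, @$_ )
    for ( [ 1, 100 ], [ 2, 100 ], [ 3, 200 ], [ 4, 300 ] );

# Constructed input: two ordinary ids and one value that carries SQL syntax.
my @clone_list = ( '100', '200', '100 OR 1=1' );

# Interpolated form, as in the quoted code: the value becomes part of the SQL text,
# so anything in it is parsed as SQL and can widen the WHERE clause.
sub ids_interpolated {
    my ($id) = @_;
    my $query = qq|SELECT id FROM assembly WHERE parts_id = $id ORDER BY id|;
    return $dbh->selectcol_arrayref($query);
}

# Placeholder form: prepared once outside the loop, the value is bound as data
# at execute time and is only ever compared against parts_id.
my $sth = $dbh->prepare('SELECT id FROM assembly WHERE parts_id = ? ORDER BY id');

sub ids_placeholder {
    my ($id) = @_;
    $sth->execute($id);
    my @ids;
    while ( my $row = $sth->fetchrow_arrayref ) {
        push @ids, $row->[0];
    }
    return \@ids;
}

# Print the ids each form returns for every input so the two can be compared.
for my $id (@clone_list) {
    printf "%-14s interpolated=[%s] placeholder=[%s]\n", "'$id'",
        join( ',', @{ ids_interpolated($id) } ),
        join( ',', @{ ids_placeholder($id) } );
}

undef $sth;
$dbh->disconnect;
```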