Re: DBI conditional insert (and things of those nature)

Possible answer for question 1: Simply do some

my $sth = $dbh->prepare("select employee_number from employees where  
+employee_number = '$employee_number' for update");
                $sth->execute;
                my $userID = ($sth->fetchrow)[0];
 if ($userID) {
   print "This employee is already in there \n";
 }
[download]

Question 2: DBI-quote() is probably the best way Cool?
Tradez
"Never underestimate the power of stupidity" - Bullet Tooth Tony, Snatch (2001)

Comment on Re: DBI conditional insert (and things of those nature) Download Code

Replies are listed 'Best First'.
Re: Re: DBI conditional insert (and things of those nature) by Hero Zzyzzx (Curate) on Jan 26, 2002 at 00:40 UTC
That won't work because you're using single quotes in your prepare(), meaning you're looking for the literal string "$employee_number".Errors like this, which won't raise errors because you're executing valid SQL, can be exceedingly difficult to debug, and are avoided totally with placeholders. As others have said, placeholders are the way to go, everywhere you can possibly use them. They automatically escape anything sketchy, also. -Any sufficiently advanced technology is indistinguishable from doubletalk.	[reply]
Re: Re: Re: DBI conditional insert (and things of those nature) by dvergin (Monsignor) on Jan 26, 2002 at 01:25 UTC
Consider: `my $str = "abcde '$myvar' fghi";` $myvar will interpolate because the single quotes are just characters in the double-quoted string. All of which is beside the point since placeholders are a more robust approach.	[reply] [d/l]
Re: Re: Re: Re: DBI conditional insert (and things of those nature) by Hero Zzyzzx (Curate) on Jan 26, 2002 at 04:47 UTC
I stand corrected. You learn something new every day! -Any sufficiently advanced technology is indistinguishable from doubletalk.	[reply]
Re: Re: Re: DBI conditional insert (and things of those nature) by impossiblerobot (Deacon) on Jan 26, 2002 at 01:19 UTC
Those aren't Perl single-quotes; since their wrapped inside double-quotes, they're literal single-quotes. Therefore $employee_number will interpolate. However, if the employee number were actually stored in the database as a numeric type, there could be a problem with sending it as a SQL string. Nevertheless, as you (and everyone else) has said, placeholders are a better solution. Impossible Robot	[reply]