Re: Re: DBI conditional insert (and things of those nature)

That won't work because you're using single quotes in your prepare(), meaning you're looking for the literal string "$employee_number".Errors like this, which won't raise errors because you're executing valid SQL, can be exceedingly difficult to debug, and are avoided totally with placeholders.

As others have said, placeholders are the way to go, everywhere you can possibly use them. They automatically escape anything sketchy, also.

-Any sufficiently advanced technology is
indistinguishable from doubletalk.

Comment on Re: Re: DBI conditional insert (and things of those nature)

Replies are listed 'Best First'.
Re: Re: Re: DBI conditional insert (and things of those nature) by dvergin (Monsignor) on Jan 26, 2002 at 01:25 UTC
Consider: `my $str = "abcde '$myvar' fghi";` $myvar will interpolate because the single quotes are just characters in the double-quoted string. All of which is beside the point since placeholders are a more robust approach.	[reply] [d/l]
Re: Re: Re: Re: DBI conditional insert (and things of those nature) by Hero Zzyzzx (Curate) on Jan 26, 2002 at 04:47 UTC
I stand corrected. You learn something new every day! -Any sufficiently advanced technology is indistinguishable from doubletalk.	[reply]
Re: Re: Re: DBI conditional insert (and things of those nature) by impossiblerobot (Deacon) on Jan 26, 2002 at 01:19 UTC
Those aren't Perl single-quotes; since their wrapped inside double-quotes, they're literal single-quotes. Therefore $employee_number will interpolate. However, if the employee number were actually stored in the database as a numeric type, there could be a problem with sending it as a SQL string. Nevertheless, as you (and everyone else) has said, placeholders are a better solution. Impossible Robot	[reply]