Syntax errors with Win32::ODBC?

CodeNewbie has asked for the wisdom of the Perl Monks concerning the following question:

I am very green in Perl and MySQL, but need to get this working for a project at work. I am running NT 4 with IIS 4, running ActiveState Perl, and MySQL 3.23. I have a web from that is filling in a database - eventually I will be running reports against the data. I have been getting these errors consistently for the last two weeks:

syntax error at line 37, near "people values" Bad name after first_name' line 37.

Any help or advice would be greatly appreciated.

use Win32::ODBC;

print "Content-type: text/html\n\n";

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

@pairs = split(/&/, $buffer);

foreach $pair (@pairs)
{
    ($name, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
}


print "<HTML>\n";
print "<HEAD>\n";
print "<TITLE>Testing Database Code</TITLE>\n";
print "</HEAD>\n";
print "<BODY bgcolor=\"ffffcc\">\n";

$DSN="CodeTestMySQL";
if (!($db=new Win32::ODBC($DSN))) {
   print "Error connecting to $DSN\n";
   print "Error: " . Win32::ODBC::Error() . "\n";
}

else {
     print "Information being added to the University of Minnesota Fed
+eral Small Business Self-Certification Database.<br><br><br>\n";
}

$currentdate = &currentdate;
$SqlStatement = insert into people values('$FORM_DATA{'first_name'}','
+$FORM_DATA{'last_name'}','$currentdate');
  


sub currentdate {
  local $currentdate = $FORM_DATA{'year'}."-".$FORM_DATA{'month'}."-".
+$FORM_DATA{'day'};
  return $currentdate;
}


if ($db->Sql($SqlStatement)) {
   print "SQL failed.\n";
   print "Error: " . $db->Error() . "\n";
}
[download]

Edit kudra, 2002-05-17 Added to title, added p

Comment on Syntax errors with Win32::ODBC? Download Code

Replies are listed 'Best First'.
Re: Syntax errors? by JayBonci (Curate) on May 16, 2002 at 19:33 UTC
This line: `$SqlStatement = insert into people values('$FORM_DATA{'first_name'}',' +$FORM_DATA{'last_name'}','$currentdate');` [download] Should probably be: `$SqlStatement = "insert into people values('$FORM_DATA{first_name}','$ +FORM_DATA{last_name}','$currentdate')";` [download] You need to surround it with double quotes for the string to interpolate the $FORM_DATA correctly. Hope that helps. --jb	[reply] [d/l] [select]
Re: Syntax errors? by derby (Abbot) on May 16, 2002 at 19:39 UTC
Well yes, you have a problem assigning to the scalar $SqlStatement (among other things, please check out CGI). For this particular problem, you're need to quote the statement correctly. You're missing the initial quote. `$SqlStatement = "insert into people values('" . $FORM_DATA{'first_name'} . "','" . $FORM_DATA{'last_name'} . "','" . $currentdate . "')";` [download] Here I just took the simplistic approach with the string concat operator "." but you could use heredocs. Also you may want to look at DBI's quote method or placeholders so you don't have to do the database single quoting. -derby	[reply] [d/l]
Re: Re: Syntax errors? by CodeNewbie (Initiate) on May 16, 2002 at 20:06 UTC
Thank you to those who replied - I looked at the CGI link suggested by derby and will be doing some reading tonight - I appreciate the help and direction!	[reply]