Re: Where the advice to use DBI bind parameters can go wrong (long)

For the record, I've never seen a mysql query with that syntax in production code (though this thread isn't limited to MySQL, I'm sure there are similar syntaxes in other RDBMS'). Normally I see the following:

$sth->prepare(qq{
       SELECT name, url FROM table WHERE name LIKE %$name%});
[download]

This may not do what you expect:

$sth->prepare("SELECT * FROM companies WHERE name = ?");
[download]

I've been burned by the double-quotes in '$sth->prepare' also, so I have refrained from using them, especially with regard to their use with binds. In fact, your second example will not work with those bind parameters in double-quotes. All of the DBI books I've seen refer to qq// in these circumstances.

Comment on Re: Where the advice to use DBI bind parameters can go wrong (long) Select or Download Code

Replies are listed 'Best First'.
Re: Re: Where the advice to use DBI bind parameters can go wrong (long) by rdfield (Priest) on Jun 27, 2002 at 08:23 UTC
hacker, the second example doesn't work because of the `%$name` being interpolated inside the double quotes. Single quotes is a saves a bit of typing over `qq{}`. As a solution to the initial problem pointed out by dws the work-around in Oracle is to use InterMedia indexes for full text searches of VARCHAR2 and LOB data. They can be a bit tricky to set up initially but do work well when you get them going (make sure you monitor the CTX server process). rdfield	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re: Re: Where the advice to use DBI bind parameters can go wrong (long)
by rdfield (Priest) on Jun 27, 2002 at 08:23 UTC

hacker

%$name

qq{}

As a solution to the initial problem pointed out by dws the work-around in Oracle is to use InterMedia indexes for full text searches of VARCHAR2 and LOB data. They can be a bit tricky to set up initially but do work well when you get them going (make sure you monitor the CTX server process).

rdfield

[reply]
[d/l]
[select]