in reply to Can't pass email address in SQL select statement

Don't pass the e-mail address directly into the SQL statement. Use placeholders instead and pass the address to execute():

my $sql = q(select username from user where address = ?);
my $sth1 = $dbh->prepare($sql);
$sth1->execute($address);

[download]

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

:(){ :|:&};:

Note: All code is untested, unless otherwise stated

Replies are listed 'Best First'.
Re: Re: Can't pass email address in SQL select statement
by davart (Initiate) on Oct 20, 2003 at 16:32 UTC
    Thanks! It works great.
[reply]

In Section Seekers of Perl Wisdom