in reply to Can't pass email address in SQL select statement

Most likely your address field is of type varchar which means you will need single quotes around $address -

my $sql = ("select username from user where address='$address')";
  • Comment on Re: Can't pass email address in SQL select statement

Replies are listed 'Best First'.
Re: Re: Can't pass email address in SQL select statement
by hardburn (Abbot) on Oct 20, 2003 at 16:37 UTC

    If $address, presumably coming from user input, should happen to contain '; DELETE FROM username WHERE id > -1; ', what do you do?

    The correct solution is to use placeholders (or if you feel like typing more code, DBI::quote), as the other posters pointed out.

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    :(){ :|:&};:

    Note: All code is untested, unless otherwise stated

[reply]
[d/l]
[select]
      And use Taint-mode to guard against dangerous user input.

      CountZero

      "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

[reply]

In Section Seekers of Perl Wisdom