Also, GrandFather, afoken, and kcott all commented that both the selectrow_array and fetchrow_array documentation state "If called in a scalar context for a statement handle that has more than one column, it is undefined whether the driver will return the value of the first column or the last. So don't do that." really do mean you shouldn't be doing that*. Stated a little differently, you shouldn't be surprised that this undefined behavior is biting you. It may not even be worth trying to debug this and instead just using the API the way the documentation says you should...

I addressed this in the original question:
Things I have tried...Forcing array context my ($crid) = $crm->db->selectrow_array - no change

The problem goes away if I turn off taint mode...
Well that's certainly interesting and might indicate a bug somewhere.

I thought it was an isolated incident confined to this piece of code. But it has broken Bod::CRM which we discussed in [RFC] Review of module code and POD.
The worrying thing is that it fails silently. Luckily I picked up the issue with the test instance of our CRM database.

I *think* it is because the value passed to the placeholder originated from STDIN via the POST from a web form (or occasionally from the QUERY_STRING CGI environment variable). I suspect Perl considers this to be tainted but doesn't warn about it in any way. Perhaps this is a bug in DBI. Especially as the documentation for selectrow_array says "This utility method combines "prepare", "execute" and "fetchrow_array" into a single call"

But this fails: 

my ($value) = $dbh->selectrow_array("SELECT value FROM Test WHERE idTe
+st = ?", undef, $value_from_stdin);

[download]
Yet this, which is supposed to be equivelent, works: 
my $query = $dbh->prepare("SELECT value FROM Test WHERE idTest = ?");
$query->execute($value_from_stdin);
my ($value) = $query->fetchrow_array;

[download]
As a consequence, I am going through code used under taint mode and changing selectrow_array for the above modification if there is any chance that the placeholder data might be considered tainted.

update

Some testing has proved that it is about tainted data being passed to the placeholders and only with selectrow_array, not execute and fetchrow_array. With taint mode on, if I pass a value to the placeholder that has come from STDIN then it fails silently. But if I pass the same value assigned to the variable in my script and pass that to the placeholder, it works.

This behaviour makes sense but it would also make sense for it to throw an error when I try to do it rather than failing silently.

In reply to Re^6: Recalcitrant placeholders by Bod
in thread Recalcitrant placeholders by Bod

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.