comment on

$month=`date --date='1 month ago' +%B`;
my $sth = $dbh->prepare("SELECT * from $table where monthname(Date)='$
+month'" );
[download]

This is a really bad example:

`date ...` returns a line break, as you can see by running perl -e '$month=`date --date="1 month ago" +%B`; print "[$month]"'. Your code does nothing to remove the line break (chomp missing), so it is passed to MySQL. I guess that MySQL will see a difference between "Foo" and "Foo<line break>" and wrongly return no results.
date ... +%B returns the month name in the current locale of the operating system of the computer the perl script runs on. Something like "Août", "August", or "Agosto". MySQL's monthname() returns the month name in the locale that was selected in the MySQL configuration, possibly on a different machine. Something like "Aguste", "Agustus", or "Aguste". A locale mismatch will wrongly give you no results. MySQL's month() returns numbers in the usual range 1..12, no mismatch possible. It may also return 0 for "strange" dates, see MySQL documentation.
"date --date='1 month ago' +%B" is not portable. Guess what happens when you execute it on Windows. Right, it does not work. It waits for input, because it does not understand GNU parameters:
```
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\alex>date --date='1 month ago' +%B
The system cannot accept the date entered.
Enter the new date: (dd-mm-yy)
[download]
```
Don't ask me what happens on other systems without GNU's date. I would expect to see errors, unexpected output, or both.
You don't need external tools to get the current month, perl has gmtime and localtime. Both return the month a number in the range 0..11. Add 1 to get the usual range 1..12.
Using string interpolation to fill values into SQL statements is extremely dangerous (http://bobby-tables.com/) and it actively prevents any caching done by DBI, DBD::*, and the database. Always use placeholders; they prevent SQL injection, automatically handle all required quoting, and allow caching.

To clean up:

my $month=(localtime())[4]+1;
...
my $sth=$dbh->prepare("SELECT * from $table where month(Date)=?");
$sth->execute($month);
...
[download]

Except that this still misses the "last month" logic. Quite easy to handle. The previous month number is current month number minus 1. If that is 0, replace it with 12.

my $month=(localtime())[4]+1;
# last month:
$month--; 
$month||=12;
...
my $sth=$dbh->prepare("SELECT * from $table where month(Date)=?");
$sth->execute($month);
...
[download]

This still can be simplifed because localtime already returns current month number minus 1. And while we are at it, rename $month to $lastmonth.

my $lastmonth=(localtime())[4]||12;
...
my $sth=$dbh->prepare("SELECT * from $table where month(Date)=?");
$sth->execute($lastmonth);
...
[download]

And the final bit to get rid of little bobby tables: $table may come from an untrusted source, or may just be a reserved word. DBI can handle this, too, for any database:

...
my $sth=$dbh->prepare('SELECT * from '.$dbh->quote_identifier($table).
+' where month(Date)=?');
...
[download]

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

In reply to Re^4: Problem passing date to SQL by afoken
in thread Problem passing date to SQL by JoeTheProgrammer

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.