comment on

Seems to me you're creating SQL statements directly, but consider this:

   UPDATE table SET foo = bar WHERE baz = boo
[download]

That probablyl isn't a valid SQL statement. However, this following might be:

   UPDATE table SET foo = 'bar' WHERE baz = 'boo'
[download]

Yep. Quotation. To overcome this, you should NOT try to quote these things by yourself. Instead, use placeholders:

   my $sth = $dbh->prepare(
     qq|UPDATE $table SET $field = ? WHERE id = ?|
   );
   $sth->execute( $value, $record );
[download]

Of course, this still wouldn't work if $field or $table contained some bad chars. So I personally REALLY REALLY am against using this type of dynamic SQL generation. Might as well write each one of them out, cause you're bound get fewer mistakes

In reply to Re: Unexpected results in SQL query subs by lestrrat
in thread [untitled node, ID 193356] by Samn

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.