Please, oh please, do not put your variables right into your SQL statement. That's just asking for long-term problems. Nevermind nasty injection bugs.
my @where; my @binds; if ($emp_user_name ne "*") { if ($bb_activity_code) { push @where, 'bb_activity_code LIKE ?'; push @binds, "%$bb_activity_code%"; } if ($bb_model) { push @where, 'bb_model = ?'; push @binds, $bb_model } if ($bb_pin) { push @where, 'bb_pin LIKE ?'; push @binds, "%$bb_pin%"; } if ($bb_phone) { push @where, 'bb_phone LIKE ?'; push @binds, "%$bb_phone%"; } if ($bb_imei_esn_dec) { push @where, 'bb_imei_esn_dec LIKE ?'; push @binds, "%$bb_imei_esn_dec%"; } if ($bb_status) { push @where, 'bb_status = ?'; push @binds, $bb_status } if ($bb_region_code) { push @where, 'bb_region_code = ?'; push @binds, $bb_region_code } if (@where) { push @where 'emp_user_name LIKE ?'; push @binds, "%$emp_user_name%"; } } my $statement = "SELECT bb_id, emp_user_name, bb_activity_code, bb_mod +el, bb_pin, bb_phone, bb_imei_esn_dec, bb_status, bb_region_code FROM + blackberry"; $statement .= ' WHERE ' . join(' AND ', @where) if @where; $statement .= ' ORDER BY emp_user_name';
Of course, you then have to bind @binds to your query, which I assume is possible with Win32::ODBC, but I'll leave that to you to look at. Anyway, this should be much simpler than what you had - and easier to add to or otherwise modify. In fact, I'd go another step and put all those variables into a hash, and then you could loop through them to generate the SQL statement. A bit more abstraction which could make runtime a bit slower, but make modifications (of the code) much faster.
In reply to Re: Search breaks based on search string
by Tanktalus
in thread Search breaks based on search string
by Kiko
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |