my $c_first = $query->param('c_first'); my $c_address = $query->param('c_address'); my $sql = "SELECT id FROM names WHERE first = '$c_first'"; my $sth = $dbh->prepare( $sql ); if ( $sth && $sth->execute() ) { while ( my $row = $sth->fetchrow_arrayref() ) { print( "$c_first => " . $row->[0] . "\n" ); } $sth->finish(); }
You can now do this:
This is a common and often preferred method. You can have more than one question mark in the SQL command and put the variable names as arguments to the $sth->execute() function. Note that you don't put quote marks around the question marks in the SQL string.my $sql = "SELECT id FROM names WHERE first = ?"; my $sth = $dbh->prepare( $sql ); if ( $sth && $sth->execute( $c_first ) ) { while ( my $row = $sth->fetchrow_arrayref() ) { print( "$c_first => " . $row->[0] . "\n" ); } $sth->finish(); }
Alternatively you can do this:
Note the absense of quote marks around the variable in the SQL statement. $dbh->quote()ing the variable automatically puts quote marks around the string.$c_first = $dbh->quote( $c_first ); # make O'Brian safe my $sql = "SELECT id FROM names WHERE first = $c_first"; my $sth = $dbh->prepare( $sql ); if ( $sth && $sth->execute() ) { while ( my $row = $sth->fetchrow_arrayref() ) { print( "$c_first => " . $row->[0] . "\n" ); } $sth->finish(); }
In reply to Re: posting variables for DBI insert
by monarch
in thread posting variables for DBI insert
by Anonymous Monk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |