my $sth=$dbh->prepare(q{
   SELECT * FROM foo WHERE bar LIKE ?
});
$sth->execute(q{it's not a problem});
[download]

Sorry, you're quite right, that was just an example and I should have posted

    SELECT * FROM foo WHERE bar LIKE '%it's not a problem%'
[download]

or similar.

OK for an example of it not working? If I do this:

$str = $dbh->quote("it's not a problem");

$sth = $dbh->prepare(
"SELECT * FROM practice WHERE name LIKE '%$str%'"
) || die "Error: " . $dbh->errstr;

$sth->execute() || die "Error: " . $dbh->errstr;
[download]

I get an error:

Error: You have an error in your SQL syntax. Check the manual that cor
+responds to your MySQL server version for the right syntax to use nea
+r 'it\'s not a problem'%'' at line 1 at /foo/bar.cgi line 29.
[download]

What I'm saying is, the quote() function puts backslashes before my apostrophes. But that's not what I need if it's LIKE (something containing an apostrophe). What am I missing?

---




($_='kkvvttuubbooppuuiiffssqqffssmmiibbddllffss')
=~y~b-v~a-z~s; print

If you use $dbh->quote() on a string, that puts quote marks around it, so when you put more quotes around it in your SQL you are ruining it. Here are two ways to do it:

$str = $dbh->quote("%it's not a problem%");
$sth = $dbh->prepare(
   "SELECT * FROM practice WHERE name LIKE $str"
) || die "Error: " . $dbh->errstr;
$sth->execute() || die "Error: " . $sth->errstr;

OR BETTER

$str = "%it's not a problem%";
$sth = $dbh->prepare(
   "SELECT * FROM practice WHERE name LIKE ?"
) || die "Error: " . $dbh->errstr;
$sth->execute($str) || die "Error: " . $sth->errstr;
[download]

Note that I also changed $dbh->errstr to $sth->errstr for your execute, the error is in whatever handle you are using ($dbh for prepare, $sth for execute).

Ohh, what's really going to bake your noodle later on is, how do you portably quote the '%' or '_' in $str (you want to search for bars that mention "the 7% solution").

- tye        

$str =~ s/'/''/g;
[download]