in reply to OT - Searching databases effectively

How about something like...

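# Join the per-term conditions with OR (any term) or AND (all terms)
my $joiner = $select_any ? ' or ' : ' and ';
# One placeholder per search term
my $where = join $joiner, ('bodytext like ?') x @terms;
$where .= " order by id desc";
# Wrap each term in LIKE wildcards; the values are bound, never interpolated
@terms = map { "%$_%" } @terms;
my $sth = $db->prepare("$querystr $where");
$sth->execute(@terms);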
Insert comments and error handling, and this should be much cleaner.

Disclaimer: my SQL-fu is weak, too :-)
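
An added example, not part of the original post: the same placeholder-per-term construction, extended so that a `%` or `_` typed by the user is matched literally and blank terms are dropped. The `build_search` helper, the `posts` table and the `!` escape character are assumptions made for illustration, and the base query is assumed to be a SELECT without a WHERE clause.

```perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): returns the SQL text followed by
# the bind values, ready for $db->prepare($sql) and $sth->execute(@binds).
sub build_search {
    my ($base, $select_any, @terms) = @_;

    # Drop undefined or whitespace-only terms; a bare '%%' pattern matches every row.
    @terms = grep { defined($_) && /\S/ } @terms;
    return ("$base order by id desc") unless @terms;

    # Escape LIKE metacharacters (and the escape character itself) so they
    # are compared literally instead of acting as wildcards.
    my @patterns = map {
        my $t = $_;
        $t =~ s/([!%_])/!$1/g;
        "%$t%";
    } @terms;

    my $joiner = $select_any ? ' or ' : ' and ';
    # One placeholder per term; only fixed SQL text is ever concatenated.
    my $where = join $joiner, (q{bodytext like ? escape '!'}) x @patterns;

    return ("$base where $where order by id desc", @patterns);
}

# Constructed sample input: two terms containing wildcards and one blank term.
my ($sql, @binds) = build_search(
    'select id, bodytext from posts', 0, '100%', 'foo_bar', '   ',
);

print "$sql\n";
print "bind: $_\n" for @binds;
```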

Re^2: OT - Searching databases effectively
by skx (Parson) on Mar 30, 2005 at 04:54 UTC

    That certainly gets rid of the injection problems and uses the placeholders.

    Steve
    ---
    steve.org.uk