in reply to Dealing with uninitialized values
my $sql = "SELECT * FROM users WHERE id = '$user'";
is compiled as
my $sql = "SELECT * FROM users WHERE id = '" . $user . "'";
thus the concatenation error. The only thing there that could be undef is $user. The problem has nothing to do with the database, and everything to do with an invalid web request (that comma after $query->param("username")! ++chorny).
grep is right about using placeholders, though. Using unescaped data in an SQL statement (or anywhere else) is buggy and unsafe. Use placeholders.
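The two points in the reply above (check that the request parameter is defined, and bind it through a placeholder), as an added example that is not part of the original post. It assumes DBD::SQLite is installed and uses an in-memory database; the `users` rows and the `find_user` helper are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; :memory: stands in for the real database.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE users (id TEXT PRIMARY KEY, name TEXT)");
$dbh->do("INSERT INTO users (id, name) VALUES (?, ?)", undef, @$_)
    for ["alice", "Alice"], ["o'brien", "Pat O'Brien"];

# Hypothetical helper: returns the matching row as a hashref, or nothing.
sub find_user {
    my ($dbh, $user) = @_;

    # A missing or empty request parameter is rejected before any SQL runs,
    # instead of surfacing later as an "uninitialized value" warning.
    return unless defined $user && length $user;

    # The value is bound to the ? placeholder, never spliced into the SQL text,
    # so quotes inside it are data and cannot change the statement.
    my $sth = $dbh->prepare("SELECT id, name FROM users WHERE id = ?");
    $sth->execute($user);
    my $row = $sth->fetchrow_hashref;
    $sth->finish;
    return $row;
}

# Constructed inputs: a normal id, an id containing a quote, a string that
# would alter the interpolated query from the post, and a missing parameter.
for my $input ("alice", "o'brien", "x' OR '1'='1", undef) {
    my $row   = find_user($dbh, $input);
    my $shown = defined $input ? "'$input'" : "undef";
    printf "%-16s => %s\n", $shown, $row ? $row->{name} : "no match";
}

$dbh->disconnect;
```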