in reply to Insert Row
Rather than comment on your code, let me first argue against building an SQL command by concatenating strings together -- it makes things really clumsy,
Instead, the approach that I follow is to write the final command that I'm going to submit to the prepare method ..
my $cmd = "INSERT INTO $table ($fields) VALUES ($placeholderList)";
.. and then work backwards, filling bits in as I go. The sub preamble will be something like this ..
# Accepts a database handle, a table name, and a hashref # of field names and values. Returns on success, otherwise # dies. sub addData { my ( $dbh, $table, $args ) = @_;
Now it's time to build the pieces leading up to your command ..
# Get a comma separated list of the field names .. my $fields = join(',', keys %$args); # Get the values into an array .. my @values = values %$args; # Get a comma separated list of '?', one for each value # .. my $placeholderList = join(',',('?') x @values);
Then, once the command is built, you do the rest of the stuff with the database ..
# Prepare the command and execute it with the array of # values. my $sth = $dbh->prepare($cmd); $sth->execute(@values) or die $sth->error; return 0; # Success!
So in the end you have a piece of code that's clean and fairly well documented. Once more, here's the entire thing:
# Accepts a database handle, a table name, and a hashref # of field names and values. Returns on success, otherwise # dies. sub addData { my ( $dbh, $table, $args ) = @_; # Get a comma separated list of the field names .. my $fields = join(',', keys %$args); # Get the values into an array .. my @values = values %$args; # Get a comma separated list of '?', one for each value .. my $placeholderList = join(',',('?') x @values); # Build the entire command .. my $cmd = "INSERT INTO $table ($fields) VALUES ($placeholderList)"; # Prepare the command and execute it with the array of values. my $sth = $dbh->prepare($cmd); $sth->execute(@values) or die $sth->error; return 0; # Success! }
Way cleaner, no?
|
|---|