in reply to Re: Executing code stored in a database..
in thread Executing code stored in a database..

I did try this and it did not work..
my $sql = "SELECT script FROM scripts where name='$ref->{name}'";
my $script;
my $sth = $dbh->prepare("$sql");
if ($sth->execute) {
    while(my $row_hash = $sth->fetchrow_hashref) {
        $script = "$row_hash->{script}";
    }
    $post .= "$script";
    $post .= eval "$script; 1" or warn $@;
    $sth->finish();
}
################################################
$r->puts(<<"END");
$post
END

Re^3: Executing code stored in a database..
by ikegami (Patriarch) on Dec 07, 2007 at 04:23 UTC

    Don't insert plain text into a SQL statement!!! Escape properly or use placeholders.

    my $sql = "SELECT script FROM scripts where name=?";
    my $sth = $dbh->prepare($sql);
    $sth->execute($ref->{name});

    What's with putting everything in quotes?

    "$sql"                -> $sql
    "$row_hash->{script}" -> $row_hash->{script}
    "$script"             -> $script

    Or a here-doc?

    $r->puts(<<"END");  \
    $post                > $r->puts($post)
    END                 /

    Why loop when you only want one variable?

    my $row_hash = $sth->fetchrow_hashref() or die(...);
    $script = $row_hash->{script};

    Finally, "doesn't work" is a very useless problem description. Please provide more details.

    ...although returning one probably won't help if you use it that way.

    my $result = eval $script;
    defined($result) or die(...);
    $post .= $result;
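
The points raised in the reply above, put together as an added example that is not part of either post: a bound placeholder lookup, a single-row fetch, and an eval whose result and error are both checked. It assumes DBD::SQLite is installed and uses an in-memory database with constructed rows; `fetch_script` and `run_script` are hypothetical helper names, while the `scripts` table and its `name` and `script` columns follow the thread.

```perl
use strict;
use warnings;
use DBI;

# Constructed sample data: an in-memory SQLite database stands in for the poster's.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE scripts (name TEXT PRIMARY KEY, script TEXT)');
my $ins = $dbh->prepare('INSERT INTO scripts (name, script) VALUES (?, ?)');
$ins->execute("o'brien", q{join ' ', 'hello', 'from', 'the', 'database'});
$ins->execute('broken',  q{this is not ( valid perl});

# Look up one stored script by name; the name is bound, never interpolated.
sub fetch_script {
    my ($name) = @_;
    my $sth = $dbh->prepare('SELECT script FROM scripts WHERE name = ?');
    $sth->execute($name);
    my $row = $sth->fetchrow_hashref;   # one row wanted, so no loop
    $sth->finish;
    defined $row or die "no script named '$name'\n";
    return $row->{script};
}

# Evaluate a stored script and return its value; die on compile or runtime error.
sub run_script {
    my ($script) = @_;
    my $result = eval $script;
    die "stored script failed: $@" if $@;
    defined $result or die "stored script returned undef\n";
    return $result;
}

my $name = "o'brien";   # a quote in the value is harmless when bound

# The same name interpolated into the statement yields malformed SQL.
my $ok = eval {
    my $sth = $dbh->prepare("SELECT script FROM scripts WHERE name='$name'");
    $sth->execute;
    1;
};
print "interpolated query: ", ($ok ? "ran" : "rejected"), "\n";

my $script = fetch_script($name);
print "eval \"\$script; 1\" gives: ", eval("$script; 1"), "\n";  # the trailing 1
print "eval \$script gives:      ", run_script($script), "\n";

my $out = eval { run_script(fetch_script('broken')) };
print "broken script: ", (defined $out ? $out : "caught: $@");
```

String eval runs the stored text with the full privileges of the calling process, so write access to the `scripts` table is equivalent to code execution in the application.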