Re: Help my syntax

Don't do things like pat = \"" . $PatenteToQuery . "\" or strangers will ruin your databases for fun. Use the bind variables instead. It will save you trouble in terms of security and in terms of hunting down this bug.

my $sql = "SELECT * FROM final WHERE pat = ? and WHERE ped = ?";
my $sth = $dbh->prepare($sql);

$sth->execute( $PatenteToQuery,  $PedimentoToQuery );
[download]

In this case, your error was a missing end quote, which I found while installing the bind vars.

UPDATE: Yes, my mistake, I reproduced the bad SQL syntax while fixing the bad perl syntax. Honestly, I didn't even read the SQL. Sorry about that.

-Paul

Comment on Re: Help my syntax Select or Download Code

Replies are listed 'Best First'.
Re^2: Help my syntax by ArmandoG (Sexton) on Dec 21, 2007 at 20:14 UTC
Hi thanks for writing! I try it like you told me but is there something more I need to do to make it work because it just shows me the result page but without any data, and where I go to check the error log, this is what It said: [Fri Dec 21 14:10:22 2007] [error] [client 127.0.0.1] DBD::mysql::st e +xecute failed: You have an error in your SQL syntax; check the manual + that corresponds to your MySQL server version for the right syntax t +o use near 'WHERE ped = '7010700'' at line 1 at c:\oracle\ora92\apach +e\apache\cgi-bin\patyped.pl line 55. [Fri Dec 21 14:10:22 2007] [error] [client 127.0.0.1] DBD::mysql::st f +etchall_arrayref failed: fetch() without execute() at c:\oracle\ora92 +\apache\apache\cgi-bin\patyped.pl line 60. [download] What is missing in there? Thanks :o)	[reply] [d/l]
Re^3: Help my syntax by chromatic (Archbishop) on Dec 21, 2007 at 20:33 UTC
That line should be: `my $sql = "SELECT * FROM final WHERE pat = ? and ped = ?";` The second `WHERE` is an error, per my reading of the MySQL documentation.	[reply] [d/l] [select]