Error in quoting?

blackjudas has asked for the wisdom of the Perl Monks concerning the following question:

I have put together a few routines to handle sessions on a web-driven script which uses DBI to access MySQL. I've encountered a problem that I can't seem to get by: I prepare a statement to delete a row in a database if the username matches, when I use the mysql client, the SQL statement works fine, but through the script it just doesn't seem to do it. Reading through some of the nodes brought me to the quoting problems some SQL servers and DBI have to overcome, while aware of this I've never paid too much attention since I bind most if not all of my variables. Here's a bit of code:

sub del_session {

    my $user = $_;
    my $dbh = DB_Methods::db_connect();
    my $sth = $dbh->prepare("DELETE FROM session WHERE     user_name L
+IKE ?");
    $sth->bind_param(1, $user);
    $sth->{ChopBlanks} = 1;
    unless ($sth->execute()) {die $dbh->errstr();}
    $sth->finish();
    $dbh->disconnect();
}
[download]

While I don't see any problems with this code, the end result from this call doesn't produce any sql errors so I can assume that the statement has been executed and the row(s) deleted. But when I check the table ... it still contains the row that was to be removed. Can anyone enlighten me as to what I'm missing here (running out of options).

Comment on Error in quoting? Download Code

Replies are listed 'Best First'.
Re: Error in quoting? by chromatic (Archbishop) on Apr 24, 2001 at 03:57 UTC
Do you really have the user name in $_? I would expect either of the following instead: `my $user = shift; # or my ($user) = @_;` [download] Assuming this isn't a transcription typo, that is, I'd print "->$user<-" just to make sure it contains what you think it should contain.	[reply] [d/l]
Re: Error in quoting? by Masem (Monsignor) on Apr 24, 2001 at 00:06 UTC
Check the mysql log when you call this, and see what exactly it prints out (by default, stored at /var/log/mysql.log). Any time I've had conflicts between what I type into the command line mysql client and through DBI, the log has always helped me figure out what I need. Without more details, of course, my only guess off hand is that you are not quite getting an exact match on the user_name; again, viewing the log would help. Also, you should try to make sure to catch errors from the db_connect() and the prepare() methods as well; the former most important as if you can't connect to the DB, your code will fail, and for the prepare() to help you catch SQL errors before they are executed. Dr. Michael K. Neylon - mneylon-pm@masemware.com \|\| "You've left the lens cap of your mind on again, Pinky" - The Brain	[reply]
Re: Error in quoting? by voyager (Friar) on Apr 24, 2001 at 00:52 UTC
You may find that if you have taint checking turned on and your where clause is built from a `param` passed into your script, that you must untaint the value first.	[reply]
Re: Error in quoting? by blackjudas (Pilgrim) on Apr 24, 2001 at 19:37 UTC
You're quite right, noticed it after I posted the code, just a mistake on my part since it used to be @_ .. Thanks for the help guys, now I just need to figure out all about taint checking...	[reply]