Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks

If I create a prepared statement to run a query as is described here (http://stackoverflow.com/questions/2300765/how-can-i-protect-against-sql-injection-attacks-using-perls-dbi), how can I actually see the SQL query that was performed? Is there a method so I can print it out for debugging etc.?

Kind regards

Re: Seeing the query used by a prepared statement
by zwon (Abbot) on Nov 01, 2010 at 00:08 UTC

    See TRACING section in DBI documentation

      and likewise check any trace logs on the database server, which should show the exact statement received before execution. you may need to turn on such server-side detail tracing in the first place, and that will vary depending on your DB engine.
      the hardest line to type correctly is: stty erase ^H

        the above recommendations are probably better (i'm not looking at the dbi page right now, might say the same thing), but here's what i do:

        my $select = qq/SELECT * /;
        my $from   = qq/FROM db/;
        my $query  = $select . $from;
        # print "SQL: $query\n";   # uncomment to see the assembled SQL before it is prepared
        my $sth = $dbh->prepare( $query );
        $sth->execute;

        note the print statement. also, it's not secure in any way - just for testing. also, iirc the perl taint doesn't affect dbi data - separate taint.
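An added example, not from any of the replies above, showing the two DBI mechanisms this thread points at: the statement handle's own attributes (Statement and ParamValues) and the TRACING facility from the DBI docs. It assumes DBD::SQLite is installed and uses an in-memory database with a constructed table so it runs stand-alone.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database keeps this self-contained.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->do(q{INSERT INTO users (name) VALUES ('alice'), ('bob')});   # constructed sample rows

# Constructed input that would change a string-built query. Bound through a
# placeholder it is only ever a parameter value, never part of the SQL text.
my $name = "alice' OR '1'='1";

my $sth = $dbh->prepare('SELECT id, name FROM users WHERE name = ?');
$sth->execute($name);

# What was handed to prepare(): the SQL with its placeholder still in place ...
print "Statement:  $sth->{Statement}\n";

# ... and the bound values, kept separately. ParamValues is a hash ref keyed by
# placeholder number; it is undef for drivers that do not support it.
my $params = $sth->{ParamValues};
if ($params) {
    printf "Param %s = %s\n", $_, $params->{$_} for sort keys %$params;
}
my $rows = $sth->fetchall_arrayref;
printf "Rows matched: %d\n", scalar @$rows;   # 0: no user has that literal name

# DBI TRACING: level 2 logs method entry with parameters, so the SQL given to
# prepare() and the values given to execute() both appear. Output goes to
# STDERR, or to a file when a second argument is passed.
$dbh->trace(2);                 # or $dbh->trace(2, 'dbi_trace.log');
$sth = $dbh->prepare('SELECT COUNT(*) FROM users WHERE name = ?');
$sth->execute('bob');
my ($count) = $sth->fetchrow_array;
$dbh->trace(0);                 # switch tracing off again

print "bob count: $count\n";
$dbh->disconnect;
```

For the database-side view mentioned above, the trace shows the same split the server sees: the statement text and the parameters are sent as separate items, which is why the placeholder form resists injection.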