in reply to Flexible Update SQL

One way is 

my $sql = qq! UPDATE table SET !
            . ( defined($phone) ? qq! phone = '$phone', ! : '')

[download]

Remember, you should really be using placeholders to prevent SQL injection attacks.

Replies are listed 'Best First'.
Re^2: Flexible Update SQL
by JavaFan (Canon) on Dec 02, 2010 at 01:11 UTC
    Remember, you should really be using placeholders to prevent SQL injection attacks.
    There can only be SQL injection attacks if the OP would be passing in data from untrusted sources to the subroutines.

    There is, however, a much better to use placeholders. It'll take care of dealing with undef values.

[reply]
Re^2: Flexible Update SQL
by bichonfrise74 (Vicar) on Dec 02, 2010 at 01:08 UTC
    I had the same approach that you suggested but there is a problem with this... For example, if the phone and country are null, then the SQL that will be constructed will be: 
    UPDATE table SET city = 'test_city', FROM ...

    [download]
    This will be incorrect because of the comma after the 'test_city.'

    I am not worried about SQL injection attack since this is really something internal and will not be exposed to the outside world.

[reply]
[d/l]

In Section Seekers of Perl Wisdom