in reply to PerlOO what i am doing???

You are not currently doing object-oriented programming. You are doing something that might superficially resemble OOP, but it's not OOP.

If you want to do OOP in Perl, I'd strongly suggest Moose or one of its friends (Mouse, Moo or Mo). These toolkits hide away much of the boilerplate code associated with Perl OOP, and allow you to concentrate on the business of writing and using your classes.

OOP aside, I'd say that your biggest problem though is the fact that you're not using DBI's prepared statements properly. Don't do this:

my $sth = $dbh->prepare("SELECT * FROM foo WHERE bar='$baz'");
$sth->execute;

[download]

Do this (thanks Anonymous Monk below for the correction):

my $sth = $dbh->prepare("SELECT * FROM foo WHERE bar=?");
$sth->execute($baz);

[download]

This allows DBI to handle escaping issues for you, and in many cases optimize multiple calls of execute.

Anyhow, here's my rewrite of your package using Moose and prepared statements...

{
    package ChristianDatabase;
    
    use Moose;
    
    has database_connection => (
        is         => 'ro',
        isa        => 'Object',
        lazy_build => 1,
    );
    
    sub _build_database_connection
    {
        DBI->connect("dbi:mysql:christianDatabase", "xxxacctxxx" , "xx
+xpassxxx") or die
    }
    
    sub add_comment
    {
        my ($self, $comment, $username) = @_;
        die "not implemented yet";
    }
    
    sub make_comment_record
    {
        die "not implemented yet";
    }

    sub check_comment_record
    {
        my ($self, $MNid) = @_;
        my $sql = "SELECT mnref FROM comment_record WHERE mnid=?";
        my $ccr = $self->database_connection->prepare($sql);
        $ccr->execute($MNid) or die "$!";
        return $ccr->fetchrow_array;
    }
    
    sub add_new_news
    {
        my ($self, $newsHeading, $fullText, $NewsPhoto, $url) = @_;
        my $newsid = new_News();  # new_News isn't defined anywhere!!
        my $sql = q{
            INSERT INTO news (news_heading, full_text, news_photos, ur
+l, date, newsID)
            VALUES (?, ?, ?, ?, NOW(), ?)
        };
        my $addNews = $self->database_connection->prepare($sql);
        $addNews->execute(
            $newsHeading,
            $fullText,
            $NewsPhoto || '',
            $url,
            $newsid,
        ) or die "$!";
        return $newsid;
    }
}

# Example usage...

my $db = ChristianDatabase->new;
$db->add_new_news(
    "This is a News Story",
    "It's really quite an interesting one.",
    undef,
    "http://www.example.com/",
);

[download]
perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'

Replies are listed 'Best First'.
Re^2: PerlOO what i am doing???
by Anonymous Monk on Aug 12, 2012 at 09:04 UTC

    ... WHERE bar = ?, not ... WHERE bar = '?'

[reply]
[d/l]
[select]
A reply falls below the community's threshold of quality. You may see it by logging in.

In Section Seekers of Perl Wisdom