Re: Explain SQL statement

It builds an SQL statement headed for a database. And does it in a dangerous way.

SELECT * is slow, and the order the rows come out is not guarenteed. The rows you want to return should be explicitly named in almost every case.
Constructs like day = '$d' are dangerous, due to a potential SQL-injection attack. It also negates the use of caching in common cases. Placeholders should be used instead.
It has a generally poor style. A few newlines and good indentation would make it a lot easier to read.

My suggested style would be:

$sql = qq/
    SELECT * 
    FROM tbl_admin 
    WHERE 
        day = '$d'        AND 
        month = '$m_num'  AND
        year = '$y'       AND 
        expal IN (/ . 
            join(',',keys %expal) . qq/
        ) AND 
        status = '2'/;
[download]

However, note that the above only addresses style issues--the other problems mentioned are not fixed. Further, each programmer is going to have their own style, so I'm sure someone else might format the above in a different way. I am sure, though, that everyone would agree that the above is signficantly better style than the orginal.

In short, do not take this bit of code as anything resembling good coding practice. Judging from the above, I wouldn't trust anything that particular programmer wrote.

For examples of good database practice, I recommend A Short Guide to DBI on perl.com.

----
send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.

Comment on Re: Explain SQL statement Select or Download Code

Replies are listed 'Best First'.
Re^2: Explain SQL statement by Roy Johnson (Monsignor) on May 26, 2004 at 14:30 UTC
For what it's worth, "this particular programmer" was only illustrating how the use of IN would change the code, not providing a complete, recommended solution. The PerlMonk `tr///` Advocate	[reply]
Re^3: Explain SQL statement by Anonymous Monk on May 26, 2004 at 15:31 UTC
Could I try to place the values in alphabetic order after since I can't figure it out on the SQL query. Like to a SORT on the returned values from the "fetchrow_hashref" Do a SORT here in one of the returned values `$comp=$pointer->{'comp_name'};` [download]	[reply] [d/l]
Re*: Explain SQL statement by Roy Johnson (Monsignor) on May 26, 2004 at 16:25 UTC
It is certainly possible to accumulate all the rows returned in an array (of hashes), and then sort that array by whichever hash element you like before output. I still think what you really want to do is to have one query that returns all the data in the desired order. The PerlMonk `tr///` Advocate	[reply]