Perl DBI / Variable Question

Trihedralguy has asked for the wisdom of the Perl Monks concerning the following question:

I'm having some variable problem in conjunction with DBI...

What is happening is that I'm using a variable called $mainsearch that i get from the user in a form GET and it taking it in and making $mainsearch (you will see below)...But when I do a select in Oracle (using DBI) the first statement uses the variable and it seem that the variable 'loses its data' which means the rest of the statments dont bring up the right stuff...Maybe someone can help me out, tell me what im doing wrong. Basically here are my code snippets:

my %incoming = &read_input;

# Read information into associated

# array %incoming.
my $mainsearch = $incoming{'yoursearch'}; 
# Fetch the text from the array.
my $maintable = $incoming{'yourtable'}; 
# Fetch the text from the array.

#Start DBI
my $dbh = DBI->connect("dbi:xxxxxxxxxxx", "xxxxxxx", "xxxxxxxx");
my $st = $dbh->prepare("
    select * from (
    select * from qatest
    where ser_app_name
    like upper('%$mainsearch%')
    or att_data
    like upper('%$mainsearch%')
    or mrserver
    like upper('%$mainsearch%')
    or owner_user
    like upper('%$mainsearch%')
    or lan_serv
    like upper('%$mainsearch%')
    or s_contact
    like upper('%$mainsearch%')
    or s_provider
    like upper('%$mainsearch%')
    or prod_deliv
    like upper('%$mainsearch%')
    order by ser_app_name ASC
    ) where rownum < 31

        ");
$st->execute();
[download]

Please someone give me some insight ive been looking on google and perl sites all day with no resolution in-sight!

>>>UPDATE: I cant figure out how to format on this website, I cant seem to put line breaks in :(

20070124 Janitored by Corion: Added formatting, code tags, as per Writeup Formatting Tips

Comment on Perl DBI / Variable Question Download Code

Replies are listed 'Best First'.
Re: Perl DBI / Variable Question by liverpole (Monsignor) on Jan 24, 2007 at 22:29 UTC
Hi Trihedralguy, Question: what happens when you print out the SQL command? Does it look like what you'd expect? Try breaking it up into this first: my $sql = " select * from ( select * from qatest where ser_app_name like upper('%$mainsearch%') or att_data like upper('%$mainsearch%') or mrserver like upper('%$mainsearch%') or owner_user like upper('%$mainsearch%') or lan_serv like upper('%$mainsearch%') or s_contact like upper('%$mainsearch%') or s_provider like upper('%$mainsearch%') or prod_deliv like upper('%$mainsearch%') order by ser_app_name ASC ) where rownum < 31 "; print "Debug> sql is:\n", "-" x 70, $sql, "\n", "-" x 70, "\n"; my $st = $dbh->prepare($sql); $st->execute(); [download] Maybe that will expose something that shows you how to fix it. If not, perhaps you can try sending the value displayed for `$sql` to the database by hand. Update: By the way, once you've got the problem solved, you might consider shortening it a bit: `my $like_string = "like upper('%$mainsearch%') "; my @fields = qw( att_data mrserver owner_user lan_serv s_contact s_provider prod_de +liv ); my $like_clause = "where ser_app_name $like_string"; map { $like_clause .= " or $_ like $like_string" } @fields; # The simplified sql statement .... my $sql = " select * from ( select * from qatest $like_clause order by ser_app_name ASC ) where rownum < 31 ";` [download] s''(q.S:$/9=(T1';s;(..)(..);$..=substr+crypt($1,$2),2,3;eg;print$..$/	[reply] [d/l] [select]
Re: Perl DBI / Variable Question by eric256 (Parson) on Jan 24, 2007 at 23:13 UTC
I wonder if you issue might be that you are UPPER'ing the search parameter but not the field. So if the field holds "eric" and you search for "e" it isn't going to work because "eric" is not like "%E%". Below is your code formated differently, to each his own, but i find this much easier to read. I also added a call to `$dbh->quote()` so that users can't shove scary bad stuff into your query. my %incoming = &read_input; # Read information into associated # array %incoming. my $mainsearch = $incoming{'yoursearch'}; # Fetch the text from the array. my $maintable = $incoming{'yourtable'}; # Fetch the text from the array. #Start DBI my $dbh = DBI->connect("dbi:xxxxxxxxxxx", "xxxxxxx", "xxxxxxxx"); #quote the search in case the user tries to hide something nasty in th +ere $mainsearch = $dbh->quote($mainsearch); my $st = $dbh->prepare(" select * from ( select * from qatest where UPPER(ser_app_name) like upper('%$mainsearch%') or UPPER(att_data) like upper('%$mainsearch%') or UPPER(mrserver) like upper('%$mainsearch%') or UPPER(owner_user) like upper('%$mainsearch%') or UPPER(lan_serv) like upper('%$mainsearch%') or UPPER(s_contact) like upper('%$mainsearch%') or UPPER(s_provider) like upper('%$mainsearch%') or UPPER(prod_deliv) like upper('%$mainsearch%') order by ser_app_name ASC ) where rownum < 31"); $st->execute(); [download] ___________ Eric Hodges	[reply] [d/l] [select]
Re: Perl DBI / Variable Question by geekphilosopher (Friar) on Jan 24, 2007 at 22:33 UTC
For line breaks, you can use <p> tags or <br/> tags. Or, as Corion mentioned, you can check out the Writeup Formatting Tips. A few notes on your code: Don't use & when calling subroutines (unless you know that's what you should be using) Your variable problem may go away if you try using placeholders in prepare (and then executing with bind values), although what you have looks okay. Have you tried manually running the query? If so, does it return the correct results? %incoming is a hash, not an array ;) The single quotes aren't necessary when accessing a hash element. Sorry that I don't have anything too specific. You may want to check out the Tutorials section, there are a few DBI helpers in there.	[reply]
Re: Perl DBI / Variable Question by SheridanCat (Pilgrim) on Jan 25, 2007 at 00:57 UTC
In addition to the other suggestions, you can also see what's going on in the DBI call by setting trace() on the database handle or the statement handle. If you do something like this: `$dbh->trace(3)` [download] or `$st->trace(3)` [download] you'll get verbose output to the screen that might be of help.	[reply] [d/l] [select]
Re: Perl DBI / Variable Question by shigetsu (Hermit) on Jan 24, 2007 at 22:25 UTC
While not inevitably necessary, using `'%${mainsearch}%'` instead of `'%$mainsearch%'` will make your code more readable in this special context. Otherwise, it looks at first glance as if `$mainsearch` was a hash reference being dereferenced. Otherwise, what geekphilosopher said.	[reply] [d/l] [select]
Re^2: Perl DBI / Variable Question by Trihedralguy (Pilgrim) on Jan 25, 2007 at 20:29 UTC
If I run the SQL statement without the perl formatting (duh) on the database but replace '$mainsearch' with something like CAT...the statement DOES work correctly, and grabs rows with a value of 'CAT" from the database. But the real problem comes when I change it back and in perl when the user runs the code...It "stops" (not HAULTS) but just doesnt finish the rest of the 'or' statements. (if that makes sense) So basically, in my terms $mainsearch is loosing its value cause its no longer checking the condition on att_data and etc... I'm still fairly clueless to what I've done wrong. In response to using % on read_input, apparently the snippit of code I got to read input from the previous page (form) is suppost to be that way. shrugs It works :)	[reply]
Re: Perl DBI / Variable Question by Trihedralguy (Pilgrim) on Jan 25, 2007 at 16:07 UTC
If I run the SQL statement without the perl formatting (duh) on the database but replace '$mainsearch' with something like CAT...the statement DOES work correctly, and grabs rows with a value of 'CAT" from the database. But the real problem comes when I change it back and in perl when the user runs the code...It "stops" (not HAULTS) but just doesnt finish the rest of the 'or' statements. (if that makes sense) So basically, in my terms $mainsearch is loosing its value cause its no longer checking the condition on att_data and etc... I'm still fairly clueless to what I've done wrong. In response to using % on read_input, apparently the snippit of code I got to read input from the previous page (form) is suppost to be that way. shrugs It works :)	[reply]