[ale] brain damaged perl DBI

fletch at phydeaux.org
Fri Jan 28 13:39:28 EST 2005



>>   foreach my $id (@clone_list){
>>     my $query = qq|SELECT id
>>        FROM assembly
>>        WHERE parts_id = $id|;
>
> I believe you'll need single quotes around $id above.
>
>>     my $sth = $dbh->prepare($query);
>>     $sth->execute || $form->dberror($query);


The better solution would be to use a placeholder.  Then you can prepare the
statement once outside the foreach and pass the id when you execute it (and
you're also less vulnerable to SQL injection attacks).

my $sth = $dbh->prepare( qq{
SELECT id FROM assembly WHERE parts_id = ?
});
foreach my $id ( @clone_list ) {
  $sth->execute( $id ) or $form->dberror( "assembly SELECT id $id" );

  while( my $row = $sth->fetchrow_arrayref ) {
    #...
  }

  $sth->finish( );
}


See perldoc DBI for more info on placeholders.  Also check out the trace()
method which can be handy to see exactly what you're sending back and forth
to your DB backend.

-- 
Fletch                | "If you find my answers frightening,       __`'/|
fletch at phydeaux.org|  Vincent, you should cease askin'          \ o.O'
                      |  scary questions." -- Jules                =(___)=
                      |                                               U
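
Added example, not part of the original message or the poster's code: the
interpolated query from the quoted text next to the placeholder version, run
against a constructed in-memory table so the difference in how the id is
treated is visible. It assumes DBD::SQLite is installed; the sample rows, the
second @clone_list entry and the helper names ids_interpolated and
ids_placeholder are made up for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the original post. Assumes DBD::SQLite is installed;
# the table rows and the second id value are constructed sample data.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 } );

$dbh->do('CREATE TABLE assembly (id INTEGER PRIMARY KEY, parts_id INTEGER)');
my $ins = $dbh->prepare('INSERT INTO assembly (id, parts_id) VALUES (?, ?)');
$ins->execute(@$_) for ( [ 10, 1 ], [ 11, 1 ], [ 12, 2 ], [ 13, 3 ] );

# The second entry stands in for an id that arrived from an untrusted form field.
my @clone_list = ( 1, '1 OR 1=1' );

# Interpolated form from the quoted message: the value becomes part of the SQL
# text, so anything in $id is parsed by the database as SQL.
sub ids_interpolated {
    my ($id) = @_;
    my $query = qq|SELECT id FROM assembly WHERE parts_id = $id|;
    return @{ $dbh->selectcol_arrayref($query) };
}

# Placeholder form: prepared once, the value is bound as data on each execute
# and is only ever compared against parts_id.
my $sth = $dbh->prepare('SELECT id FROM assembly WHERE parts_id = ? ORDER BY id');

sub ids_placeholder {
    my ($id) = @_;
    $sth->execute($id);
    my @ids;
    while ( my $row = $sth->fetchrow_arrayref ) {
        push @ids, $row->[0];
    }
    return @ids;
}

# $dbh->trace(2);    # uncomment to have DBI log each prepare/execute to STDERR

foreach my $id (@clone_list) {
    printf "%-12s interpolated: [%s]  placeholder: [%s]\n", "'$id'",
        join( ',', ids_interpolated($id) ), join( ',', ids_placeholder($id) );
}
$dbh->disconnect;
```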


