Front page | perl.beginners |
Postings from February 2002
On Fri, Feb 01, 2002 at 12:13:41PM -0500, McElwee, Shane wrote:
> foreach $i (@table_arr){
> $content = $i;
> # print ("table name is: $i \n");
> open( CONTENT, ">$content" ) || die "Can't open file $content";
> my $sth = $dbh->prepare("select * from ?");
> $sth->bind_param(1, $i);
>
> my $row;
>
> $sth->execute or die "Can't execute SQL statement: ", $sth->errstr(),
> "\n";
> $row = $sth->dump_results(80, "\n", ':',\*CONTENT);
> }
Placeholders are for data, not SQL syntax. A placeholder doesn't just
insert the text as is, it quotes it. In your case, the quoting is
preventing the database from being able to parse it. Instead of using a
placeholder just use Perl to interpolate:
my $sth = $dbh->prepare("select * from $i");
Also, if $i is input from a user make sure to check it; I'd suggest
not allowing anything except [A-Za-z0-9_].
Michael
--
Administrator www.shoebox.net
Programmer, System Administrator www.gallanttech.com
--
Thread Previous