
RE: Perl DBI - using parameters

From: McElwee, Shane
Date: February 1, 2002 10:45
Subject: RE: Perl DBI - using parameters
Message ID: BD898E20FCD1D51181D300B0D049A6142825C2@kendall-ex2.kendall.akamai.com

I misunderstood the example from the book. Thanks for clearing that up.
@table_arr is reading from a file now but I can use your suggestion if I
have to make the process more interactive.

Thanks

Shane

-----Original Message-----
From: Michael Fowler [mailto:michael@shoebox.net]
Sent: Friday, February 01, 2002 12:53 PM
To: McElwee, Shane
Cc: 'beginners@perl.org'
Subject: Re: Perl DBI - using parameters


On Fri, Feb 01, 2002 at 12:13:41PM -0500, McElwee, Shane wrote:
> foreach $i (@table_arr){
>       $content = $i;
> #     print ("table name is:  $i \n");
>       open( CONTENT, ">$content" ) || die "Can't open file $content";
>       my $sth = $dbh->prepare("select * from ?");
>       $sth->bind_param(1, $i);
> 
>       my $row;
> 
>       $sth->execute or die "Can't execute SQL statement: ", $sth->errstr(), "\n";
>       $row = $sth->dump_results(80, "\n", ':',\*CONTENT);
>      }

Placeholders are for data, not SQL syntax.  A placeholder doesn't just
insert the text as is, it quotes it.  In your case, the quoting is
preventing the database from being able to parse it.  Instead of using a
placeholder just use Perl to interpolate:

    my $sth = $dbh->prepare("select * from $i");

Also, if $i is input from a user make sure to check it; I'd suggest
not allowing anything except [A-Za-z0-9_].


Michael
--
Administrator                      www.shoebox.net
Programmer, System Administrator   www.gallanttech.com
--
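
Added example, not part of the original thread: the advice above as a runnable script, with the table name checked against [A-Za-z0-9_] before it is interpolated and a placeholder kept for the data value. The safe_table helper, the orders table and the sample names are hypothetical, and an in-memory SQLite database (DBD::SQLite) is assumed so it runs offline.

```perl
use strict;
use warnings;
use DBI;

# Constructed in-memory database (assumes DBD::SQLite is installed).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE orders (id INTEGER, customer TEXT)");
my $ins = $dbh->prepare("INSERT INTO orders (id, customer) VALUES (?, ?)");
$ins->execute(@$_) for ([1, 'alice'], [2, 'bob']);

# Hypothetical helper: returns a quoted identifier, or dies on a bad name.
sub safe_table {
    my ($dbh, $name) = @_;
    die "table name missing\n" unless defined $name;
    # \A and \z anchor the whole string; a bare '$' would let a
    # trailing newline through.
    die "illegal table name\n" unless $name =~ /\A[A-Za-z0-9_]+\z/;
    # quote_identifier is the DBI method for identifiers; placeholders
    # and quote() are for data values only.
    return $dbh->quote_identifier($name);
}

# Constructed sample input, as it might arrive from a file or a user.
my @table_arr = ("orders", "orders; DROP TABLE orders", "orders\n");

for my $i (@table_arr) {
    my $table = eval { safe_table($dbh, $i) };
    if (!defined $table) {
        print "rejected: $@";
        next;
    }
    # Identifier interpolated only after validation; the data value
    # still goes through a placeholder.
    my $sth = $dbh->prepare("SELECT id, customer FROM $table WHERE id >= ?");
    $sth->execute(1);
    while (my ($id, $customer) = $sth->fetchrow_array) {
        print "$table: $id $customer\n";
    }
}

$dbh->disconnect;
```

Only the first name is queried; the other two are rejected before any SQL is prepared.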
