develooper Front page | perl.beginners | Postings from February 2002

RE: Perl DBI - using parameters

Thread Previous | Thread Next
McElwee, Shane
February 1, 2002 10:45
RE: Perl DBI - using parameters
Message ID:
I misunderstood the example from the book. Thanks for clearing that up.
@table_arr is reading from a file now but I can use your suggestion if I
have to make the process more interactive.



-----Original Message-----
From: Michael Fowler []
Sent: Friday, February 01, 2002 12:53 PM
To: McElwee, Shane
Cc: ''
Subject: Re: Perl DBI - using parameters

On Fri, Feb 01, 2002 at 12:13:41PM -0500, McElwee, Shane wrote:
> foreach $i (@table_arr){
>       $content = $i;
> #     print ("table name is:  $i \n");
>       open( CONTENT, ">$content" ) || die "Can't open file $content";
>       my $sth = $dbh->prepare("select * from ?");
>       $sth->bind_param(1, $i);
>       my $row;
>       $sth->execute or die "Can't execute SQL statement: ",
> "\n";
>       $row = $sth->dump_results(80, "\n", ':',\*CONTENT);
>      }

Placeholders are for data, not SQL syntax.  A placeholder doesn't just
insert the text as is, it quotes it.  In your case, the quoting is
preventing the database from being able to parse it.  Instead of using a
placeholder just use Perl to interpolate:

    my $sth = $dbh->prepare("select * from $i");

Also, if $i is input from a user make sure to check it; I'd suggest
not allowing anything except [A-Za-z0-9_].

Programmer, System Administrator

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About