On Sep 28, 2009, at 11:01 AM, Ruprecht Helms wrote:
Hi,
How have I to write the sql-statement if I want to use variables
like this:
<?
...
$sql="SELECT * FROM Table WHERE ID=$recordset";
$result=mysql_db_query($database,$sql);
...
?>
Don't. http://xkcd.com/327/
The value of the variable can have the value of another recordsetloop
or a value come from outsite the script.
Regards,
Ruprecht Helms
Your SQL layer should allow placeholders so you can do
(as done in DBI.pm )...
my $sql = <<';';
SELECT * FROM TABLE
WHERE ID = ?
;
my $sth = $dbh->prepare($sql);
$sth->execute(123);
my @row = $sth->fetchrow_array; # or hash or whatever
.
.
.
If your SQL layer does NOT allow placeholders, get a different one.
--L
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
http://learn.perl.org/
