On Jan 29, 5:55 am, [EMAIL PROTECTED] (Chas. Owens) wrote:
> On Jan 29, 2008 2:03 AM, <[EMAIL PROTECTED]> wrote:
> snip> Sorry, I missed the "^" for the regexp ^A+
>
> snip
>
> The ^ should only be used if you were to use Perl regexes, and even
> then your expression would not match anything but strings that held
> "A"s (+ matches the last character 1 or more times). But you should
> not be using Perl regexes, you should be using the SQL operator LIKE
> and its pattern matching language.
>
> snip> I applied your method but the query does not return any record from
> > the table.
>
> > Also when I try to match only one field using like:
> > my $arg = shift;
> > my $sth = $dbh->prepare (" SELECT * FROM $tableName firstname like
> > '$arg' ");
> > $sth->execute();
>
> snip
>
> This sure doesn't look like my code. Try this hard code first and the
> work your way up to doing it dynamically:
>
> my $sth = $dbh->prepare("SELECT * from $tableName where firstname like
> 'A%' or lastname like 'A%' or email like 'A%'");
>
> Also, you should read up on SQL injection
> attacks:http://en.wikipedia.org/wiki/Sql_injection
Thanks for all you help and tips.
I'll definitely read the article about the SQL injection.
After I applied your hard code successfully, I went back to the
original code you sent
and used it again successfully. I apologize for that. It was my
mistake.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
