From: Gunnar Hjalmarsson <[EMAIL PROTECTED]>
> Jenda Krynicky wrote:
> > From: "Pat Rice" <[EMAIL PROTECTED]>
> >>
> >> my $sth = $dbh->prepare('SELECT * FROM test1 ORDER BY ?');
> >
> > Most databases would not let you prepare a statement like this. Most
> > often only values may be replaced by placeholders, not column names.
>
> Hmm.. My fault, obviously. I had no idea.
>
> So, what you are saying is that
>
>     my $sth = $dbh->prepare('SELECT * FROM test1 ORDER BY ?');
>     $sth->execute($sortby);
>
> should better be replaced by
>
>     my $sth = $dbh->prepare("SELECT * FROM test1 ORDER BY $sortby");
>     $sth->execute();

It has to be, yes. Just do make sure

    $sortby =~ /^(?:ONE|OF|THE|COLUMNS|YOU|WANT|TO|SORT|BY)$/

(possibly case insensitively).

Jenda
===== [EMAIL PROTECTED] === http://Jenda.Krynicky.cz =====
When it comes to wine, women and song, wizards are allowed
to get drunk and croon as much as they like.
	-- Terry Pratchett in Sourcery
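
The allow-list check recommended above, as an added example that is not part of the original thread. It goes one step further than the regex by using a hash lookup and also constraining the sort direction; the column names and the `build_query` helper are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Accepted sort keys mapped to the identifiers that go into the SQL text.
# The column names are hypothetical; the thread does not list test1's columns.
my %SORTABLE = (
    id      => 'id',
    name    => 'name',
    created => 'created_at',
);

# Return the statement text, or nothing if $sortby is not an allowed column.
# User input is only ever used as a hash key; the interpolated strings come
# from %SORTABLE and the two fixed direction keywords.
sub build_query {
    my ($sortby, $direction) = @_;
    return unless defined $sortby;
    my $column = $SORTABLE{ lc $sortby };    # case-insensitive match
    return unless defined $column;
    my $dir = (defined $direction && uc($direction) eq 'DESC') ? 'DESC' : 'ASC';
    return "SELECT * FROM test1 ORDER BY $column $dir";
}

# Constructed inputs: [sort key, direction]
my @requests = (
    [ 'name',                   'desc'     ],
    [ 'CREATED',                undef      ],
    [ "id\n",                   'asc'      ],  # exact key match: trailing newline is rejected
    [ 'name; DROP TABLE test1', 'asc'      ],  # not a key: rejected
    [ 'name',                   'desc, id' ],  # unknown direction falls back to ASC
);

for my $r (@requests) {
    my ($sortby, $direction) = @$r;
    (my $shown = $sortby) =~ s/\n/\\n/g;     # make the newline visible in output
    my $sql = build_query($sortby, $direction);
    printf "%-26s => %s\n", "'$shown'", defined $sql ? $sql : 'rejected';
    # With a connected DBI handle (not created here), an accepted statement
    # would then be run as: my $sth = $dbh->prepare($sql); $sth->execute();
}
```

Values in a `WHERE` clause would still be passed through `?` placeholders and `execute`; only the identifier and direction need this treatment.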