stored queries and quoted strings

Started by filippo about 19 years ago, 2 messages, general
#1 filippo
filippo2991@virgilio.it

Hello,

I have a strange problem with stored queries like this

$sql = qq/
    SELECT city, country
    FROM countries
    WHERE city LIKE ?
    ORDER BY city
/;
my $sthCity = $dbh->prepare($sql);
my $tempCity = $dbh->quote("n%");
$sthCity->execute($tempCity);
my $result = $sthCity->fetchall_arrayref;

the query doesn't return any value. It works only if I remove the
quote(). The following code actually works, returning all cities with
their name n-something:

my $tempCity = "n%";
$sthCity->execute($tempCity);
my $result = $sthCity->fetchall_arrayref;

but I'm a little bit worried about using a WHERE statement without quoting
the search pattern (input by user). Is it a problem or not?

Thanks,

Filippo

#2 Ragnar
gnari@hive.is
In reply to: filippo (#1)
Re: stored queries and quoted strings

On fös, 2007-03-30 at 00:31 -0700, filippo wrote:

> Hello,
>
> I have a strange problem with stored queries like this
>
> $sql = qq/
>     SELECT city, country
>     FROM countries
>     WHERE city LIKE ?
>     ORDER BY city
> /;
> my $sthCity = $dbh->prepare($sql);
> my $tempCity = $dbh->quote("n%");
> $sthCity->execute($tempCity);
>
> the query doesn't return any value. It works only if I remove the
> quote().

You do not have to use quote() on the parameters of a prepared
statement, as this is already done for you.

gnari
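Ragnar's point, shown as an added example that is not the poster's or the list's own code: the same query run in Python against an in-memory SQLite database (the Perl DBI logic translated to the DB-API; the `countries` rows and the `like_escape` helper are constructed for the demo). Passing a pre-quoted value binds the apostrophes as data, so `LIKE` looks for names that begin and end with an apostrophe and finds nothing. Binding the raw pattern works, and a pattern carrying a stray `' OR '1'='1` stays a harmless literal because the driver never lets it become SQL. The caveat a practitioner wants here: placeholders stop user text from becoming SQL, but `%` and `_` in that text are still `LIKE` wildcards, so a field that should match literally needs them escaped, as the `ESCAPE` form at the end does.

```python
import sqlite3

# Constructed sample data standing in for the poster's "countries" table.
SAMPLE_ROWS = [
    ("Naples", "Italy"),
    ("Nice", "France"),
    ("Nairobi", "Kenya"),
    ("Rome", "Italy"),
    ("100% Club", "Nowhere"),  # a name that itself contains a LIKE wildcard
]

# The poster's query, unchanged apart from the host language.
SQL = """
SELECT city, country
FROM countries
WHERE city LIKE ?
ORDER BY city
"""

# Same query with an ESCAPE clause so a backslash neutralises % and _.
SQL_ESCAPED = """
SELECT city, country
FROM countries
WHERE city LIKE ? ESCAPE '\\'
ORDER BY city
"""


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE countries (city TEXT, country TEXT)")
    conn.executemany("INSERT INTO countries VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def search_prequoted(conn, pattern):
    """Reproduce the original mistake: quote the value, then bind it.

    This mimics what DBI's quote("n%") hands back, i.e. the string 'n%'
    including the apostrophes. The driver binds that whole string as the
    pattern, so LIKE searches for names starting and ending with an
    apostrophe and returns no rows.
    """
    quoted = "'" + pattern.replace("'", "''") + "'"
    return conn.execute(SQL, (quoted,)).fetchall()


def search_bound(conn, pattern):
    """The correct form: bind the raw pattern and let the driver handle it.

    Whatever the string contains (apostrophes, OR, comments) is sent as a
    data value, never parsed as SQL.
    """
    return conn.execute(SQL, (pattern,)).fetchall()


def like_escape(text, esc="\\"):
    """Escape LIKE metacharacters so user text is matched literally."""
    return (text.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_prefix(conn, user_text):
    """Prefix search: the user supplies plain text, only the trailing % is ours.

    Without like_escape a user typing "%" would enumerate the whole table.
    """
    return conn.execute(SQL_ESCAPED, (like_escape(user_text) + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("pre-quoted:", search_prequoted(db, "n%"))
    print("bound:     ", search_bound(db, "n%"))
    print("injected:  ", search_bound(db, "n%' OR '1'='1"))
    print("raw %:     ", len(search_bound(db, "%")), "rows")
    print("escaped %: ", search_prefix(db, "%"))
    print("literal %: ", search_prefix(db, "100%"))
```

Run the file directly to see the six results side by side. SQLite's `LIKE` is case-insensitive for ASCII, which is why `n%` also returns `Naples`; PostgreSQL's `LIKE` is case-sensitive and would want `ILIKE` for the same effect, but the quoting and wildcard behaviour is the same on both.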