Ron Savage wrote:
(This Perl is from my Database.pm):
# -----------------------------------------------
sub find_entity_via_keystrokes
{
    my($self, $prefix) = @_;
    my($sql) = "select entity_id, entity_name from entity where entity_name_key like lower('$prefix%') order by entity_name";
    my($result) = $$self{'_dbh'} -> selectcol_arrayref($sql, {Columns => [1, 2]});

I do hope you're in a tightly controlled environment, or that you're properly
untainting and detoxifying $prefix. I'd suggest using placeholders instead of
using variables directly in sql strings.
Isn't your "like" case-insensitive? I guess that might depend on the database
engine.
Anyway, just my 2 øre. The technique is interesting though.
Rhesa
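
Rhesa's placeholder suggestion applied to the quoted sub, as an added example that is not part of the original thread or of Ron Savage's Database.pm. It assumes DBD::SQLite with an in-memory database and constructed rows, takes the database handle as a plain argument instead of $$self{'_dbh'}, and goes one step further by escaping LIKE wildcards typed into the prefix.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; the post does not name its database engine.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    {RaiseError => 1, PrintError => 0, AutoCommit => 1});

# Constructed sample rows, using the table and column names from the quoted code.
$dbh->do('create table entity (entity_id integer primary key,
          entity_name text, entity_name_key text)');
my $ins = $dbh->prepare('insert into entity (entity_name, entity_name_key) values (?, ?)');
$ins->execute($_, lc $_) for ("O'Brien Ltd", 'Oakwood', '100% Juice', 'Savage');

sub find_entity_via_keystrokes
{
    my($dbh, $prefix) = @_;

    # Escape the LIKE metacharacters (and the escape character itself) so a
    # typed '%' or '_' matches literally instead of acting as a wildcard.
    (my $pattern = $prefix) =~ s/([!%_])/!$1/g;

    # The SQL text is constant; the user's keystrokes travel only as a bind value.
    my $sql = q{select entity_id, entity_name from entity
                where entity_name_key like lower(?) escape '!'
                order by entity_name};

    # Same DBI call as the quoted code; bind values follow the attribute hash.
    my $result = $dbh->selectcol_arrayref($sql, {Columns => [1, 2]}, "$pattern%");

    return +{ @$result };    # entity_id => entity_name
}

# A quote in the prefix no longer breaks the statement, and '%' is literal.
for my $prefix ('o', "O'Br", '%', '100%')
{
    my $found = find_entity_via_keystrokes($dbh, $prefix);
    my $names = join(', ', map { $$found{$_} } sort keys %$found) || '(none)';
    printf "%-8s => %s\n", "'$prefix'", $names;
}
```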