It's nice that everyone is so helpful with the CGI problem, but this isn't a CGI
list. DBI comments below.
Quoting "MCMULLIN, NANCY" <[EMAIL PROTECTED]>:
> ($pnotes) = $dbh->selectrow_array("SELECT notes FROM table WHERE t1 =
> '$pt'");
http://search.cpan.org/~timb/DBI/DBI.pm#Placeholders_and_Bind_Values
Oracle can avoid the search planning steps if you use a placeholder instead of
pasting the value into the SQL text. For a frequently used query, the affect
of system performance can be quite dramatic.
http://search.cpan.org/~timb/DBI/DBI.pm#ATTRIBUTES_COMMON_TO_ALL_HANDLES
http://search.cpan.org/~timb/DBI/DBI.pm#Outline_Usage
See RaiseError.
You also really need some form of error checking for this statement. In the
example below, I use explilcit error checking on the individual statement. You
could also set RaiseError either on connect() or sometime prior to the
statements you want implicit error checking for.
($pnotes) = $dbh -> selectrow_array(
"SELECT notes FROM table WHERE t1 = ?", {}, $pt )
or die "Failed to fetch notes, $DBI::errstr\n";
> my $sth = $dbh1->prepare("UPDATE table SET notes='$notes' WHERE t =
> '$pt'") or die "Preparing: ", $dbh->errstr;
> $sth->execute or die "Executing: ", $sth->errstr; # this is just
It is *very* dangerous to blindly paste strings from external sources into your
SQL. You are also likely to have problems with notes containing aprostrophes
('). Using placeholders avoids both issues along with being much more
efficient.
my $sth = $dbh1 -> prepare( "UPDATE table SET notes = ? WHERE t = ?" )
or die "Note update prepare failed, $DBI::errstr\n";
$sth -> execute( $notes, $pt )
or die "Note update execute failed, $DBI::errstr\n";
--
Mac :})
