[GENERAL] stored queries and quoted strings

2007-04-02 Thread filippo
Hello,

I have a strange problem with stored queries like this

  $sql = qq/
 SELECT city, country
 FROM countries
 WHERE city LIKE ?
 ORDER BY city
   /;
  $sthCity= $dbh->prepare($sql);
  my $tempCity = $dbh->quote("n%");
  $sthCity->execute($tempCity);
  my $result = $sthCity->fetchall_arrayref;

the query doesn't return any value. It works only if I remove the
->quote(). The following code actually works, returning all cities with
their name n-something

  my $tempCity = "n%";
  $sthCity->execute($tempCity);
  my $result = $sthCity->fetchall_arrayref;

but I'm a little bit worried to use a WHERE statement without quoting
the search pattern (input by user). Is it a problem or not?

Thanks,

Filippo




Re: [GENERAL] stored queries and quoted strings

2007-04-02 Thread Ragnar
On Fri, 2007-03-30 at 00:31 -0700, filippo wrote:
> Hello,
>
> I have a strange problem with stored queries like this
>
>   $sql = qq/
>  SELECT city, country
>  FROM countries
>  WHERE city LIKE ?
>  ORDER BY city
>    /;
>   $sthCity= $dbh->prepare($sql);
>   my $tempCity = $dbh->quote("n%");
>   $sthCity->execute($tempCity);
>
> the query doesn't return any value. It works only if I remove the
> ->quote().

you do not have to use quote() on the parameters of a prepared
statement, as this is already done for you.

gnari
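
The behaviour discussed in this thread, as an added example that is not part of either message: it shows why quote() followed by a placeholder finds nothing, that bound values are never parsed as SQL, and that LIKE wildcards in user input still need escaping. Assumptions: an in-memory DBD::SQLite database stands in for the PostgreSQL connection, the rows are constructed, '!' is chosen as the LIKE escape character, and cities_like, like_prefix and show are hypothetical helper names.

```perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database (DBD::SQLite) stands in for the
# PostgreSQL connection; the rows below are constructed sample data.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE countries (city TEXT, country TEXT)');
my $ins = $dbh->prepare('INSERT INTO countries (city, country) VALUES (?, ?)');
$ins->execute(@$_) for (['Naples', 'Italy'], ['Nice', 'France'],
    ["N'Djamena", 'Chad'], ['100% City', 'Nowhere'], ['Oslo', 'Norway']);

# Prepared once, as in the thread; '!' is declared as the LIKE escape character.
my $sth = $dbh->prepare(q{
    SELECT city FROM countries
    WHERE city LIKE ? ESCAPE '!'
    ORDER BY city
});

# Hypothetical helper: bind $pattern as data and return the matching cities.
sub cities_like {
    my ($pattern) = @_;
    $sth->execute($pattern);
    return [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];
}

# Hypothetical helper: turn user text into a prefix pattern in which the user's
# own '%', '_' and '!' match literally; only the trailing '%' is a wildcard.
sub like_prefix {
    my ($text) = @_;
    (my $literal = $text) =~ s/([!%_])/!$1/g;
    return $literal . '%';
}

sub show {
    my ($label, $rows) = @_;
    printf "%-22s %d row(s): %s\n", $label, scalar @$rows, join(', ', @$rows);
}

show('bound N%',           cities_like('N%'));
# quote() wraps the value in SQL quotes; bound afterwards, those quote
# characters are part of the pattern the column is compared against.
show('quote() then bound', cities_like($dbh->quote('N%')));
# SQL metacharacters in a bound value are compared as text, never parsed as SQL.
show('bound apostrophe',   cities_like(like_prefix(q{N'})));
show('bound SQL fragment', cities_like(q{x' OR '1'='1}));
# Binding does not neutralise LIKE wildcards: a bare % from the user matches all.
show('raw % from user',    cities_like('%'));
show('escaped 100%',       cities_like(like_prefix('100%')));
```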


