here's one i wrote a while back; it builds the arguments dynamically
depending on what parameters cgi passes back from the page to the
script. the biggest problem probably is to make sure you have all the
quotes accounted for.
the variables being passed here are only the "where" clauses but the
same principle would apply to fields or any other potentially dynamic
part of the command; i've also used the same concept to decide on the
fly whether to "insert" or "update":
*********************
########## Build SQL statement arguments
if (param("submit") eq "Add Record")
{
$dbh_args = " where clli = \"\"";
}
else
{
$dbh_args = " where clli = \"$get_clli\"";
}
$dbh_args = $dbh_args . " and eqpt_name = \"$get_eqpt_name\"" if
$get_eqpt_name;
$dbh_args = $dbh_args . " and cfa = \"$get_cfa\"" if $get_cfa;
$dbh_args = $dbh_args . " and date = \"$get_date\"" if $get_date;
$dbh_args = $dbh_args . " order by eqpt_name, cfa";
$sth = $dbh->prepare("select * from defective_ports $dbh_args");
$sth->execute();
*************************
hope this helps,
joe
On Mon, 2003-03-31 at 11:20, Jasmine wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hi
>
> Is there any way to pass variables into MySQL statements for execution? I m
> using the DBI package. Thanks!
>
> Heres my snippet and it doesnt work.
> dbconnect();
> prepare the query for execution
> my ($sql01) = join "select description from table where
> host=", "$abc;";
> print "$sql01 \n";
> my $query01 = $dbh -> prepare($sql01) || die "Prepare failed:
> $DBI:: errstr \n";
> $query01 -> execute;
>
>
>
> Jasmine Chua
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE+iHj3NgvTa7Hj2AURAh2tAJ9fDIZ40/9CI9ZhCDncYh7B+8BBEQCgqPoI
> VA22fTtDlaYIEL3gXu0PgJM=
> =x2jl
> -----END PGP SIGNATURE-----
--
Joe Mecklin <[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
