[EMAIL PROTECTED] [[EMAIL PROTECTED]] wrote:
> Dana,
> 
> Generally I prefer to cat together my select statement as a string, then use
> prepare(). Like this:
>       my $SQL_sth1 = q

Careful with this "q" - remember that a single quote will *NOT*
allow interpolation of any Perl variables ($certificate) in the
SQL.  If you change this "q" to "qq", this should be OK.

>       {       SELECT * 
>               FROM coverage_primary_loan
>               WHERE certificate_number = $certificate
>       };
> 
>       my $sth1 = $dbh1->prepare($SQL_sth1);
> 
> Now you can print $SQL_sth1 and you can find many obvious errors this way.
> 
> But there's a better way to do what you're doing: placeholders and bind
> variables. I urge you to buy and read "Programming the Perl DBI" from
> O'Reilly Press. It has pretty much everything you need to know about this
> great tool.

I agree completely - placeholders and bind variables are the way to
go.  Read the fine manual by doing

   perldoc DBI

and search (using the forward slash) for "placeholders".

-- 
Hardy Merrill
Senior Software Engineer
Red Hat, Inc.
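
The three approaches discussed in this thread, side by side, as an added example that is not part of the original messages. It assumes DBD::SQLite is installed and uses an in-memory database with constructed rows; only the table and column names come from the thread, and the `holder` column and sample values are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database stands in for the real one.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed sample data (the "holder" column is hypothetical).
$dbh->do('CREATE TABLE coverage_primary_loan (certificate_number TEXT, holder TEXT)');
my $ins = $dbh->prepare('INSERT INTO coverage_primary_loan VALUES (?, ?)');
$ins->execute(@$_) for ( ['A100', 'first'], ["B'200", 'second'] );

my $certificate = "B'200";    # constructed value containing a single quote

# 1. q{} does not interpolate: the literal text "$certificate" ends up in the SQL.
my $sql_q = q{SELECT * FROM coverage_primary_loan WHERE certificate_number = '$certificate'};
print "q:  $sql_q\n";

# 2. qq{} interpolates, but the value becomes part of the SQL text itself,
#    so the embedded quote changes the statement and the database rejects it.
my $sql_qq = qq{SELECT * FROM coverage_primary_loan WHERE certificate_number = '$certificate'};
print "qq: $sql_qq\n";
my $rows = eval { $dbh->selectall_arrayref($sql_qq) };
print "qq failed: $@" if $@;

# 3. Placeholder: the SQL text is fixed and the value is bound at execute()
#    time, so it is always treated as data, never as SQL.
my $sth = $dbh->prepare(q{
    SELECT certificate_number, holder
    FROM coverage_primary_loan
    WHERE certificate_number = ?
});
$sth->execute($certificate);
while ( my @row = $sth->fetchrow_array ) {
    print "placeholder: @row\n";
}

$dbh->disconnect;
```

Printing the statement, as suggested earlier in the thread, makes the difference between cases 1 and 2 visible; case 3 needs no quoting or escaping of the value at all.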
