The easiest way to explain this is with an example
#!/usr/bin/perl -wT
$ENV{'DB2INSTANCE'} = 'XXXXX';
$ENV{'INSTHOME'} = '/XXXXX/XXXXX/XXXXX';
use DBI;
my $dbh = DBI->connect("dbi:DB2:XXXXX", "", "",
{RaiseError=>1, PrintError=>0, AutoCommit=>0});
my $tainted_input = shift;
my $sth = $dbh->prepare("SELECT DISTINCT tabname FROM syscat.tables " .
"WHERE tabschema = ?");
$sth->execute($tainted_input);
my @row;
while (@row = $sth->fetchrow_array) {
print "$row[0]\n";
}
$dbh->commit;
$dbh->disconnect;
This works fine if the T is removed from the shebang line, but fails with
Can't bind unknown parameter marker '1' at db2_taint line 13.
Issuing rollback() for database handle being DESTROY'd without explicit
disconnect().
when it is as above. Similar code worked fine with DBI and Oracle. Did I
do something wrong or is this a bug?
Thanks,
Belinda
