You should not interpolate variables into the SQL statement, especially
not when you work in a CGI environment (or similar). You are begging for
big trouble. Learn what SQL injection means, and avoid it like hell.
Use:
# single quotes -> no interpolation, placeholders instead of interpolation
my $sth = $dbh->prepare('SELECT neues_suchprofil (?::numeric,?::text)');
# the placeholders are replaced in the database
$sth->execute($cookieValue,$suchprofil_name);
Alexander
Christian Stalp wrote:
Thank you Greg,
I already solved it. First I changed the code this way:
my $arg1 = $cookieValue . "::numeric";
my $arg2 = $suchprofil_name . "::text";
$result = $dbh->prepare ( "SELECT neues_suchprofil ( $arg1, '$arg2' ) " ) or
die "Vorbereitung nicht durchfuehrbar!\n";
$result->execute() or die "Abfrage nicht ausfuehrbar -suchprofil!
$DBI::errstr\n";
$result->finish();
And then I granted some privileges to the user which accesses the DBI. Now it
works :-)
Gruss Christian
--
Alexander Foken
mailto:[EMAIL PROTECTED] http://www.foken.de/alexander/
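
An added example, not code from either poster: it builds the statement the way the quoted message does, using a harmless profile name that contains an apostrophe, and then makes the same call with placeholders. The sample values, the numeric check and the use of the DBI_DSN / DBI_USER / DBI_PASS environment variables for the connection are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample input: an ordinary profile name that contains an apostrophe.
my $cookieValue     = '4711';
my $suchprofil_name = "Peter's Suche";

# Statement text as the interpolating version in the quoted message builds it.
sub interpolated_sql {
    my ($cookie, $name) = @_;
    my $arg1 = $cookie . "::numeric";
    my $arg2 = $name . "::text";
    return "SELECT neues_suchprofil ( $arg1, '$arg2' ) ";
}

# Placeholder version: the statement text is constant, the values travel separately.
sub call_neues_suchprofil {
    my ($dbh, $cookie, $name) = @_;
    # Assumed check: reject anything that is not a plain number up front.
    die "cookie value is not numeric\n" unless $cookie =~ /\A\d+(?:\.\d+)?\z/;
    my $sth = $dbh->prepare('SELECT neues_suchprofil(?::numeric, ?::text)');
    $sth->execute($cookie, $name);
    my ($result) = $sth->fetchrow_array;
    $sth->finish;
    return $result;
}

# The apostrophe in the name closes the string literal early, so the server
# would parse the rest of the name as SQL instead of treating it as data.
print "interpolated: ", interpolated_sql($cookieValue, $suchprofil_name), "\n";

# Assumption: DBI_DSN, DBI_USER and DBI_PASS point at the PostgreSQL database
# that defines neues_suchprofil(); without them only the string above is shown.
if ($ENV{DBI_DSN}) {
    my $dbh = DBI->connect($ENV{DBI_DSN}, $ENV{DBI_USER}, $ENV{DBI_PASS},
        { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
    my $result = call_neues_suchprofil($dbh, $cookieValue, $suchprofil_name);
    print "result: ", $result // '(null)', "\n";
    $dbh->disconnect;
}
```

With RaiseError set, a failed prepare or execute dies with the DBI error message, so the explicit "or die" checks are not needed.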