There's a bug in binding parameters in DBD::mysql 3.0003_1, when binding a string that has slashes in it.
Below is how to reproduce it.

Create a simple table:

=== TABLE ===

CREATE TABLE tbl_tst_xx (
    cv1     varchar(255) NULL,
    ci2     int(11) NULL,
    ci3     smallint(6) NULL
)

======


Then write a Perl script that uses bound parameters:


=== SCRIPT ===

use strict;
use warnings;
use DBI qw(:sql_types);
use Data::Dumper;

my @dsn         = ("dbi:mysql:database=XXX;host=localhost;port=3306;");

my $sql;
my $dbh;
my $sth;
my $results;

$dbh = DBI->connect( @dsn, 'username', 'password', {
                   PrintError => 1,
                   AutoCommit => 0,
                   RaiseError => 0,
                   ChopBlanks => 1
             });

$sql = 'insert into tbl_tst_xx (cv1, ci2, ci3) values (?,?,?)';
$sth    = $dbh->prepare( $sql );
$sth->bind_param(1, 'http://test/test/test.gif', { TYPE => SQL_VARCHAR});
$sth->bind_param(2, 1234567890, { TYPE => SQL_INTEGER });
$sth->bind_param(3, 0,  { TYPE => SQL_INTEGER });
$sth->execute;

do {
        $results = $sth->fetchall_arrayref;
        foreach (@$results) {
                warn join("\t", @$_)."\n";
        }
} while ($sth->more_results);
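$sth->finish;

# AutoCommit is off: commit so the inserted row persists on transactional engines.
$dbh->commit;
$dbh->disconnect;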

======

Run the script and see what is inserted into the table.
You'll notice that the integers are completely off. If you run the same test but put in the varchar field a simple string without the slashes, you're ok. If you run the same script but without bound parameters (and with slashes), the insert is good.
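A round-trip check for the behaviour reported above, as an added example that is not part of the original message: it inserts through bound parameters and compares what the server stored against what was sent. It assumes the `tbl_tst_xx` table and the placeholder connection values from the report, and it empties that scratch table before running; the control row without slashes is a constructed value.

```perl
use strict;
use warnings;
use DBI qw(:sql_types);

# Connection values are the placeholders used in the report; adjust for your server.
my $dbh = DBI->connect(
    'dbi:mysql:database=XXX;host=localhost;port=3306', 'username', 'password',
    { PrintError => 0, RaiseError => 1, AutoCommit => 0 },
);

# Constructed test rows: [cv1, ci2, ci3].
my @cases = (
    [ 'http://test/test/test.gif', 1234567890, 0 ],   # string with slashes (failing case)
    [ 'plain string',              1234567890, 0 ],   # control without slashes
);

my $ins = $dbh->prepare('insert into tbl_tst_xx (cv1, ci2, ci3) values (?,?,?)');
my $failed = 0;

$dbh->do('delete from tbl_tst_xx');   # scratch table from the report

for my $case (@cases) {
    my ($cv1, $ci2, $ci3) = @$case;
    $ins->bind_param(1, $cv1, { TYPE => SQL_VARCHAR });
    $ins->bind_param(2, $ci2, { TYPE => SQL_INTEGER });
    $ins->bind_param(3, $ci3, { TYPE => SQL_INTEGER });
    $ins->execute;

    # Read back with a quoted literal so the check itself does not rely on
    # placeholder binding, the code path under test.
    my @got = $dbh->selectrow_array(
        'select cv1, ci2, ci3 from tbl_tst_xx where cv1 = ' . $dbh->quote($cv1));

    my $ok = @got == 3
          && defined $got[0] && $got[0] eq $cv1
          && defined $got[1] && $got[1] == $ci2
          && defined $got[2] && $got[2] == $ci3;
    $failed++ unless $ok;

    my $stored = @got ? join(', ', map { defined $_ ? $_ : 'NULL' } @got) : '(no matching row)';
    printf "%-4s sent: %s, %s, %s | stored: %s\n",
        ($ok ? 'ok' : 'FAIL'), $cv1, $ci2, $ci3, $stored;
}

$dbh->rollback;      # discards the test rows on transactional engines
$dbh->disconnect;
exit($failed ? 1 : 0);
```

The non-zero exit status on a mismatch lets the script serve as a regression check when comparing driver versions.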
