> > I can get the results to print directly with this code: > > > > $sth = $dbh->prepare ("SELECT * FROM $working_tbl WHERE first='one' > > ORDER BY Location"); > > $sth->execute (); > > while ( my $hash_ref = $sth->fetchrow_hashref ) { > > print "ID: $hash_ref->{'ID'} -- Name: $hash_ref->{'Name'} > > (etc....) <br>\n"; > > }
> this is cool, but do note that the DBI docs generally advise against the > use of a variable table name (well... I understand them to be advising > against) as it doesn't allow for creating a plan and optimizing the > query. Anyway...
What has Perl's string interpolation got to do with DBI?
"SELECT * FROM $working_tbl WHERE first='one' ORDER BY Location"
The variable $working_tbl will be interpolated by Perl, long before DBI ever gets to see the SQL statement, due to the double-quote.
$working_tbl may come from some kind of user input, which opens you up to SQL injection attacks. Most databases don't allow placeholders for the table name. It's best to use DBI->quote() whenever you absolutely must interpolate a variable into an SQL statement.
Mathew
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration. _______________________________________________ Html-template-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/html-template-users
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Html-template-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/html-template-users
