in reply to
Where the advice to use DBI bind parameters can go wrong (long)
For the record, I've never seen a MySQL query with that syntax in production code (though this thread isn't limited to MySQL; I'm sure there are similar syntaxes in other RDBMSs). Normally I see the following:
SELECT name, url FROM table WHERE name LIKE %$name%});
This may not do what you expect:
$sth->prepare("SELECT * FROM companies WHERE name = ?");
I've been burned by the double-quotes in '$sth->prepare' also, so I have refrained from using them, especially with regard to their use with binds. In fact, your second example will not work with those bind parameters in double-quotes. All of the DBI books I've seen refer to qq// in these circumstances.
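An added example, not part of the post above: the LIKE lookup from this thread written with a DBI placeholder, with the wildcards placed in the bound value and any % or _ in the input escaped so it matches literally. It assumes DBD::SQLite is installed; the companies table, its rows, the '!' escape character and the helper names like_literal and search are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database keeps this offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed sample data.
$dbh->do('CREATE TABLE companies (name TEXT, url TEXT)');
my $ins = $dbh->prepare('INSERT INTO companies (name, url) VALUES (?, ?)');
$ins->execute(@$_) for (
    [ 'Acme Tools',     'http://acme.example'    ],
    [ '100% Organic',   'http://organic.example' ],
    [ '100 Percent Co', 'http://percent.example' ],
    [ "O'Reilly Books", 'http://books.example'   ],
);

# Escape LIKE metacharacters so user input only ever matches literally.
sub like_literal {
    my ($text) = @_;
    $text =~ s/([!%_])/!$1/g;    # '!' is the ESCAPE character chosen below
    return $text;
}

# The SQL text is constant; the wildcards travel inside the bound value.
my $sth = $dbh->prepare(
    q{SELECT name, url FROM companies WHERE name LIKE ? ESCAPE '!' ORDER BY name}
);

# Hypothetical helper: returns an array ref of matching company names.
sub search {
    my ($name) = @_;
    $sth->execute('%' . like_literal($name) . '%');
    return [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];
}

# Inputs containing a quote and a LIKE wildcard are handled as plain data.
for my $input ('Acme', "O'Reilly", '100%') {
    my $hits = search($input);
    printf "%-10s => %s\n", $input, @$hits ? join(', ', @$hits) : '(no rows)';
}
```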