I have been given:
    my $sql = "EXEC $SPROC ".
        join ', ', ('?') x $procs{$SPROC};
    my $sth = $dbh->prepare($sql);
    $sth->execute(@CHOICE);
But I don't understand how to apply it. Did the person that gave me this mean:
    $sth->execute($Command);
No. I meant what I wrote. And I've tried twice to explain how it's used. But you seem determined not to understand :-)
Let's have one last try.
- Create an SQL statement containing placeholders (marked by question marks) where you later want to insert values.
- Compile that SQL using $dbh->prepare. This returns a statement handle ($sth).
- Execute the statement using $sth->execute, passing it a list of values - one value for each placeholder in the SQL statement.
Does that help at all?
You should be using a whitelist for the valid values of $SPROC, as was mentioned in several of the replies to your original question. The topic of bound parameters was also covered.
You should go back to that node and read all of the replies carefully, and ask questions when one of them doesn't make sense to you. If you just copy and paste code to see if it works you will do yourself a great disservice.
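The three steps and the whitelist advice from the replies above, combined in one added example (not code from any poster in this thread). It assumes %procs maps each permitted procedure name to its parameter count, as the posted snippet implies; the procedure names, the helper build_call and the sample requests are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

# Whitelist: procedure name => number of parameters it takes.
# Assumption: the names are hypothetical; the thread only shows that
# %procs is indexed by $SPROC and yields a placeholder count.
my %procs = (
    get_orders   => 2,
    get_customer => 1,
);

# Return the SQL text and the bind values for a whitelisted procedure call.
# Dies if the name is not whitelisted or the argument count is wrong.
sub build_call {
    my ($sproc, @args) = @_;

    # The procedure name is interpolated into the SQL text, so it must come
    # from the whitelist; placeholders cannot stand in for identifiers.
    die "Unknown procedure '$sproc'\n" unless exists $procs{$sproc};

    die "$sproc expects $procs{$sproc} value(s), got " . scalar(@args) . "\n"
        unless @args == $procs{$sproc};

    # One '?' per parameter; the values themselves never enter the SQL text.
    my $sql = "EXEC $sproc " . join ', ', ('?') x $procs{$sproc};
    return ($sql, @args);
}

# Constructed sample input, including a hostile value and a hostile name.
my @requests = (
    [ 'get_orders', 42, '2024-01-01' ],
    [ 'get_customer', "x'; DROP TABLE orders --" ],
    [ 'get_orders; DROP TABLE orders --', 1, 2 ],
);

for my $req (@requests) {
    my ($sproc, @choice) = @$req;
    my ($sql, @bind) = eval { build_call($sproc, @choice) };
    if ($@) { print "rejected: $@"; next; }
    print "prepare: $sql\n";
    print "execute: ", join(' | ', @bind), "\n";
    # With a connected DBI handle $dbh this becomes:
    #   my $sth = $dbh->prepare($sql);
    #   $sth->execute(@bind);
}
```

The hostile value in the second request stays in the bind list and never appears in the SQL string, while the hostile procedure name in the third request is rejected before any SQL is built.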