Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Perl Mysql DBI, using placeholders with unknown variable count

by Haioken (Novice)
on Aug 18, 2009 at 09:02 UTC ( #789392=perlquestion: print w/ replies, xml ) Need Help??
Haioken has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to create a database search function, giving users the ability to select which fields to search for and which fields to return. In my examples, @q_return is columns to be returned, the keys from %q_search are the columns to be searched, @q_names contains the data to search for. The code below works, however, it's directly interpolating variables into the SQL search string
my $query2 = "SELECT " . join(",", @q_return) . " FROM rma_list WHERE +(" . join(",", (keys %q_search)) . ") = (" . join(",", @q_names) . ") +"; my $sth = $dbh->prepare($query2) or die "Couldn't prepare query: " . $ +dbh->errstr; $sth->execute();
I've modified this code to the following, to allow for placeholders with unknown count using map(). This search no longer returns any rows, with the same data as above. It doesn't die however, so I assume I'm matching the correct amount of variables. What could I be doing wrong here?
my $query = "SELECT " . join(",", map { "?" } @q_return) . " FROM rma_ +list WHERE (" . join(",", map { "?" } (keys %q_search)) . ") = (" . j +oin(",", map { "?" } @q_names) . ")"; my $sth = $dbh->prepare($query) or die "Couldn't prepare query: " . $d +bh->errstr; $sth->execute(@q_return, (keys %q_search), @q_names) or die "Could not + perform query: " . $sth->errstr;
The outpuut from DBI's trace() shows me the following, but I'm unfortunately a little inexperienced to understand it.
DBI::db=HASH(0x1b76164) trace level set to 0x0/2 (DBI @ 0x0/0) in + DBI 1.607-ithread (pid 3392), referer: http://localhost/cgi-bin/temp +.cgi -> prepare for DBD::mysql::db (DBI::db=HASH(0x1b761a4)~0x1b76164 +'SELECT ?,?,?,?,? FROM rma_list WHERE (?) = (?)') thr#233e34, referer +: http://localhost/cgi-bin/temp.cgi \t-> dbd_st_prepare MYSQL_VERSION_ID 50013, referer: http://localhost +/cgi-bin/temp.cgi \t>- dbd_st_free_result_sets, referer: http://localhost/cgi-bin/temp. +cgi \t<- dbd_st_free_result_sets RC -1, referer: http://localhost/cgi-bin +/temp.cgi \t<- dbd_st_free_result_sets, referer: http://localhost/cgi-bin/temp. +cgi \t<- dbd_st_prepare, referer: http://localhost/cgi-bin/temp.cgi <- prepare= DBI::st=HASH(0x16ce66c) at temp.cgi line 273, referer +: http://localhost/cgi-bin/temp.cgi -> execute for DBD::mysql::st (DBI::st=HASH(0x16ce66c)~0x1bd12cc +'status' 'rma_num' 'auth_id' 'vendor' 'part_num' 'status' '0') thr#23 +3e34, referer: http://localhost/cgi-bin/temp.cgi -> dbd_st_execute for 01b875f4, referer: http://localhost/cgi-bin/te +mp.cgi \t>- dbd_st_free_result_sets, referer: http://localhost/cgi-bin/temp. +cgi \t<- dbd_st_free_result_sets RC -1, referer: http://localhost/cgi-bin +/temp.cgi \t<- dbd_st_free_result_sets, referer: http://localhost/cgi-bin/temp. +cgi mysql_st_internal_execute MYSQL_VERSION_ID 50013, referer: http://loc +alhost/cgi-bin/temp.cgi Binding parameters: SELECT 'status','rma_num','auth_id','vendor','par +t_num' FROM rma_list WHERE ('status') = ('0'), referer: http://localh +ost/cgi-bin/temp.cgi <- dbd_st_execute returning imp_sth->row_num 0, referer: http://loca +lhost/cgi-bin/temp.cgi <- execute= '0E0' at temp.cgi line 274, referer: http://localhost +/cgi-bin/temp.cgi -> trace for DBD::mysql::db (DBI::db=HASH(0x1b761a4)~0x1b76164 0) + thr#233e34, referer: http://localhost/cgi-bin/temp.cgi <- trace= ( 2 ) [1 items] at temp.cgi line 275, referer: http://l +ocalhost/cgi-bin/temp.cgi [Tue Aug 18 18:35:26 2009] temp.cgi: 2 at C:/Documents and Settings/A +dministrator/My Documents/RMA Beta/cgi-bin/temp.cgi line 275., refere +r: http://localhost/cgi-bin/temp.cgi -> DESTROY for DBD::mysql::st (DBI::st=HASH(0x1bd12cc)~INNER) thr +#233e34, referer: http://localhost/cgi-bin/temp.cgi , referer: http://localhost/cgi-bin/temp.cgi --> dbd_st_finish, referer: http://localhost/cgi-bin/temp.cgi \t>- dbd_st_free_result_sets, referer: http://localhost/cgi-bin/temp. +cgi \t<- dbd_st_free_result_sets RC -1, referer: http://localhost/cgi-bin +/temp.cgi \t<- dbd_st_free_result_sets, referer: http://localhost/cgi-bin/temp. +cgi , referer: http://localhost/cgi-bin/temp.cgi <-- dbd_st_finish, referer: http://localhost/cgi-bin/temp.cgi \tFreeing 7 parameters, bind 0 fbind 0, referer: http://localhost/cgi +-bin/temp.cgi <- DESTROY= undef at Carp.pm line 356, referer: http://localhost/ +cgi-bin/temp.cgi
Also, I've made an effort to follow etiquette. I hope none of this is out of line. The code is likely ghastly, as I'm still learning the finer details of DBI.

Comment on Perl Mysql DBI, using placeholders with unknown variable count
Select or Download Code
Re: Perl Mysql DBI, using placeholders with unknown variable count
by moritz (Cardinal) on Aug 18, 2009 at 09:16 UTC
    With mysql you can't use placeholders for column specifications, only for data. For column names you have to use $dbh->quote_identifier instead.
    my $query = "SELECT " . join(", ", map { $dbh->quote_identifier($_) } @q_return) . " FROM rma_list WHERE (" . join(', ', ('?') x (keys %q_search) ...
    Perl 6 projects - links to (nearly) everything that is Perl 6.
      I've also been painfully made aware that my search terms (@q_names) are being quoted, irrespective of SQL's datatype for this field, or of the data in my field. As an example:
      SELECT `status`, `rma_num`, `auth_id`, `vendor`, `part_num` FROM rma_l +ist WHERE ('status') = ('0');
      is now being generated, which returns 0 rows, as status is an integer. My code for $query has been extrapolated from your elegant example as:
      my $query = "SELECT " . join(", ", map { $dbh->quote_identifier($_) } @q_return) . " FROM rma_list WHERE (" . join(', ', ('?') x (keys %q_search)) . ") = (" . join(', ', ('?') x @q_names) . ");";
      It seems obvious to me that my code isn't placing these quotes on the search items, so I guess DBI's substitution is. Is there a way to force this off for integer only variables? Or a different substitution character?
        If status is a column name, you may not quote it with $dbh->quote() or by using it as a placeholder - you must use $dbh->quote_identifier(). That is the problem, not the data type of the int.

        Sorry if I got that wrong in my first example.

        The rule is simply $dbh->quote_identifier() for column names and placeholders (?) for data.

        Perl 6 projects - links to (nearly) everything that is Perl 6.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://789392]
Approved by rovf
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (9)
As of 2014-12-26 16:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (171 votes), past polls