in reply to DBI variable argument count
I tend to assemble my arguments to execute as I assemble my SQL statement. There are many ways to do it. The following might give you some ideas:
use strict; use warnings; use Data::Dumper; update(10, { name => 'test', value => 'success', }); sub update { my ($key, $params) = @_; my $sql = "update my_table set "; my @args; $sql .= join( ', ', map { push(@args, $params->{$_}); "$_ = ?" } keys %$params ); $sql .= " where key = ?"; push(@args, $key); die Dumper([$sql, \@args]); }
which gives a coordinated SQL statement and array of arguments for execute:
$VAR1 = [ 'update my_table set value = ?, name = ? where key = ?', [ 'success', 'test', 10 ] ];
update: you should check the field names to avoid SQL injection. I typically qualify them against a list of known field names one way or another (grep a list, lookup in a hash, match a regular expression, etc.)
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^2: DBI variable argument count
by anothersmurf (Novice) on Sep 14, 2012 at 01:39 UTC | |
by ig (Vicar) on Sep 14, 2012 at 02:50 UTC |
In Section
Seekers of Perl Wisdom