Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Re^3: DBI variable argument count

by anothersmurf (Novice)
on Sep 14, 2012 at 16:11 UTC ( #993752=note: print w/replies, xml ) Need Help??

in reply to Re^2: DBI variable argument count
in thread DBI variable argument count

yes... I hard coded the values and they still don't work:
my $request = "SELECT * FROM dbname WHERE unit = ? AND name1 REGEXP ? +AND email REGEXP ? ORDER BY unit" my $dbh = DBI->connect("DBI:mysql:database=database;host=localhost", " +user", "passwd",{'RaiseError' => 1}); my $sth = $dbh->prepare($request); $sth->execute("001", "duckman", ""); while (my $ref = $sth->fetchrow_hashref()) { # here is where the magic happens h3("this should be running but isn't"); h3("Unit $ref->{'unit'}"); }
I guess I need to learn how to do my SQL differently.

Replies are listed 'Best First'.
Re^4: DBI variable argument count
by brap (Pilgrim) on Sep 14, 2012 at 17:08 UTC
Re^4: DBI variable argument count
by anothersmurf (Novice) on Sep 15, 2012 at 02:06 UTC
    h3("this should be running but isn't"); h3("Unit $ref->{'unit'}");

    Notice the lack of a print anywhere in that block.....

    Also it was in the wrong place. Hours beating on this sillyness.

    Yes I had quotes on the REGEXP, in my original version. I kept having to modify it to put it here because it looks nothing like this in the code (and the last version where I hard coded it I forgot to, but it wouldn't have worked anyway because of the problems above.)

    Live and learn I guess. Sorry to waste everyone's time.

Re^4: DBI variable argument count
by anothersmurf (Novice) on Sep 14, 2012 at 21:53 UTC


    I didn't know they were called placeholders until I came to this site. When I google searched for "mysql select placeholders", I discovered this:

    Says: "With most drivers, placeholders can't be used for any element of a statement that would prevent the database server from validating the statement and creating a query execution plan for it."

    So now I guess I need to sanitize the user input for the select statement so there is less risk of attack on that front and simply execute() with no arguments.

      There is no problem using placeholders as arguments in the "WHERE" part of your SQL.


      A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

      My blog: Imperial Deltronics

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://993752]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (3)
As of 2018-05-26 07:20 GMT
Find Nodes?
    Voting Booth?