... until somebody tries to enter a username that contains a '.
No argument with that. The various responses indicating the use of placeholders (including your own) are a better general solution.
My post was based on:
-
Frederic_S seemed to think that the quotes used in the assignment to $user_login_name would be propagated to the SELECT statement: "I thought if I pass the login_name in '' it would work ...".
-
The fact that what he was trying perhaps worked in a different language: "I'm new to perl (coming from PHP) ...".
-
The specific question asked: "... what I'm doing wrong?".
-
The code as presented which didn't indicate any user input.
I might also point out that when I started to type up my response there where no current replies: I wasn't intending to provide a better solution or invalidate any answers that were submitted in the few minutes before my own.
Update: Added a blockquote at the top.
|