Except, of course, that interpolating user-supplied input directly into your SQL statements is
bad ju-ju. Much better would be:
my @where;
my @values;
my $sql = 'select * from table';
if defined $var1 { push @where, 'column1 = ?'; push @values, $var1; }
if defined $var2 { push @where, 'column2 = ?'; push @values, $var2; }
if defined $var3 { push @where, 'column3 = ?'; push @values, $var3; }
$sql = $sql . ' where ' . join(' and ', @where);
my $sth = $dbh->prepare_cached($sql);
$sth->execute(@values);
or
my @values = (undef, $var1, $var2, $var3);
my @where;
my $sql = 'select * from table';
my @defined_values;
foreach my idx (1..3) {
if defined $values[$idx] {
push @where, qq(column$dx = ?);
push @defined_values, $values[$idx];
}
}
$sql = $sql . ' where ' . join(' and ', @where);
my $sth = $dbh->prepare_cached($sql);
$sth->execute(@defined_values);