Couple of tangential notes:
- Be very careful where whatever input you're using is coming from that you're building your SQL select statement up otherwise you're asking for an injection attack.
-
Also if you used join to build your list of column names (join(q{,},@ticketsFields)) you don't have to go back and clean up the extraneous trailing comma (and that's still not going to insulate from injection problems if someone can get "garbage" into the list).
The cake is a lie.
The cake is a lie.
The cake is a lie.