http://www.perlmonks.org?node_id=699533


in reply to DBI confusion

What I do in my scripts is setting the RaiseError option to 1, and let it take care of all errors.

Then you can do something along these lines:

my $sth = $dbh->prepare("SELECT password FROM table WHERE userName = ? +"); $sth->execute($username); if ($sth->selectrow_array){ print "logged in\n"; }

Please don't ever interpolate data into your SQL queries, use placeholders like I did in the example above. If you interpolate data, you're not safe against SQL injection - what if the user name actually is evil ' or '' = '?

Replies are listed 'Best First'.
Re^2: DBI confusion
by choroba (Bishop) on Jun 01, 2017 at 08:45 UTC
    selectrow_array is a method of the database handle, the method of the statement handle is called fetchrow_array. See DBI.
    ($q=q:Sq=~/;[c](.)(.)/;chr(-||-|5+lengthSq)`"S|oS2"`map{chr |+ord }map{substrSq`S_+|`|}3E|-|`7**2-3:)=~y+S|`+$1,++print+eval$q,q,a,