However, DBI should escape the underscore in the code above, correct?
No, DBI has no knowledge of the context in which the bind variable sits... it just knows that it is binding in a literal string. Also, the ~~* operator is just acting from string onto another (it's not like perl where a pattern is a slightly different syntactic element than a plain old character string).
Now, I don't know if the same syntax holds for Postgress as for Oracle... but in oracle SQL, you'd escape an underscore by doing something like:
my $usernameescaped = $username;
$usernameescaped =~ s/([\%_])/\\$1/g;
my $sth = $dbh->prepare("SELECT uid FROM user_accounts WHERE username
+like ? escape '\\'");
$sth->execute($usernameescaped);
my ($uid) = $sth->fetchrow_array;
That is, you use an escape character, and then you inform the database of what that escape character is (using the "escape" clause to your "like" match). You don't have to use a backslash, but I generally do, because backslash is what the cool kids use. :-D
------------
:Wq
Not an editor command: Wq
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|
