Re: cgi ordering a table with sql



From: "Pat Rice" <patrick.j.rice@xxxxxxxxx>

Hi all
I'm trying to get the following working
what I want to do is to click on the link and it would order the
table, through the SQL query.

I think the problem is that when I click on the link to ORDER BY it
fails, that is it does not change the order of the table. I'm wondering
does anyone know how I can confirm that the ? is correct, as in what
is being passed to the query. But I'm pretty sure that I am passing the
correct arguments to the SQL query,
i.e.
my $sth = $dbh->prepare('SELECT * FROM test1 ORDER BY ?');

Thanks in advance
Pat

Most databases would not let you prepare a statement like this. Most
often only values may be replaced by placeholders, not column names.

For a good reason actually, the prepare should give the database
enough information to generate an execution plan ... the database
needs to know how it is going to evaluate the query, what indexes it
will use etc. And the ordering may very well affect this (it should,
you do create indexes for your tables, right?).

If this works somewhere I bet the placeholders are actually
implemented within the Perl layer instead of passing the prepared
statement to the database, obtaining a handle and then sending just
the handle and the values.

So in this particular case you have to stop using placeholders. You
SHOULD make sure the $sortby is always only one of the allowed
strings, nothing else!

Jenda
===== Jenda@xxxxxxxxxxx === http://Jenda.Krynicky.cz =====
When it comes to wine, women and song, wizards are allowed
to get drunk and croon as much as they like.
-- Terry Pratchett in Sourcery
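
One way to do the check described in the reply above, as an added example that is not part of the original thread: the request value is looked up in an allowlist, and only the allowlisted string ever reaches the SQL text. The column names, the sort-direction parameter and the helper name `build_listing_sql` are assumptions for illustration; only the table `test1` and `$sortby` come from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist: request value => column name as it will appear in the SQL.
# The column names (id, name, created) are assumed for this example;
# the thread only names the table test1.
my %SORT_COLUMNS = (
    id      => 'id',
    name    => 'name',
    created => 'created',
);
my %SORT_DIRECTIONS = ( asc => 'ASC', desc => 'DESC' );

# Returns the SQL text for the listing. Only strings taken from the
# allowlist hashes are interpolated; the raw request value never is.
sub build_listing_sql {
    my ($sortby, $dir) = @_;
    $sortby = '' unless defined $sortby;
    $dir    = '' unless defined $dir;

    # Anything that is not an allowlist key falls back to a fixed default.
    my $column    = exists $SORT_COLUMNS{$sortby}
                  ? $SORT_COLUMNS{$sortby} : 'id';
    my $direction = exists $SORT_DIRECTIONS{lc $dir}
                  ? $SORT_DIRECTIONS{lc $dir} : 'ASC';

    return "SELECT * FROM test1 ORDER BY $column $direction";
}

# Constructed sample inputs, as they might arrive in a sortby parameter.
for my $input ('name', 'created', undef, 'name; --', '1') {
    my $shown = defined $input ? "'$input'" : 'undef';
    printf "%-12s => %s\n", $shown, build_listing_sql($input, 'desc');
}

# With a DBI handle the result is then prepared as usual:
#   my $sth = $dbh->prepare( build_listing_sql($sortby, $dir) );
#   $sth->execute;
```

Values in the WHERE clause still go through placeholders; the allowlist covers only the identifier and keyword positions that placeholders cannot fill.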
