Re: bind_param oddity?



Also you would leave your DB wide open to SQL insertion attacks if one could
do this, so it is good that they don't.

"Kevin Spencer" <kev.spencer@xxxxxxxxx> wrote in message
news:7f5545290611220910k4312a12epa193793901663b36@xxxxxxxxxxxxxxxxx
Hi guys,

I'm sure I'm missing something *very* obvious but this one has me
scratching my head. Using DBI 1.52, DBD::mysql 3.0007, Perl 5.8.8,
MySQL 5.0.18.

The following code executes fine:

my $table = 'CCHISTORY';
my $status = 'D';
my $limit = 86400;

my $SQL = <<EOSQL;
select count(*) from $table
where TRXSTATUS = '$status'
and (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(TRXTIMESTAMP)) < $limit
EOSQL

my $sth = $dbh->prepare($SQL) || die $DBI::errstr, "\n";
$sth->execute() || die $sth->errstr(), "\n";

Now, because I want to use placeholders instead, I attempt the following:

my $SQL = <<EOSQL;
select count(*) from ?
where TRXSTATUS = ?
and (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(TRXTIMESTAMP)) < ?
EOSQL

my $sth = $dbh->prepare($SQL) || die $DBI::errstr, "\n";

my $table = 'CCHISTORY';
my $status = 'D';
my $limit = 86400;

my @bindParams = ($table, $status, $limit);
$sth->execute(@bindParams) || die $sth->errstr(), "\n";

Which fails with:

You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server for the right syntax to use near
''CCHISTORY'
and TRXSTATUS = 'D'
and (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(TRXTIMEST' at line 1

Anyone see an obvious error in my code that I'm overlooking?

Thanks.

--
Kevin.
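
An added example, not part of either message in this thread: placeholders bind values only, so the table name is checked against a fixed allowlist and interpolated, while the status and limit stay as bind parameters. The CCARCHIVE entry, the helper names and the rejected input are constructed for illustration; count_rows assumes a connected DBI handle created with RaiseError enabled.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Tables this report may read. Only CCHISTORY comes from the post;
# CCARCHIVE is a constructed second entry.
my %ALLOWED_TABLE = map { $_ => 1 } qw(CCHISTORY CCARCHIVE);

# Identifiers cannot be bound, so the table name is validated against the
# allowlist before interpolation; the two values remain placeholders.
sub build_count_query {
    my ($table, $status, $limit) = @_;
    die "table not allowed: $table\n"
        unless defined $table && $ALLOWED_TABLE{$table};
    die "limit must be a non-negative integer\n"
        unless defined $limit && $limit =~ /\A[0-9]+\z/;
    my $sql = <<"EOSQL";
select count(*) from $table
where TRXSTATUS = ?
and (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(TRXTIMESTAMP)) < ?
EOSQL
    return ($sql, $status, $limit);
}

# Runs the query on a connected DBI handle (assumed: RaiseError => 1,
# so prepare/execute die on failure instead of returning false).
sub count_rows {
    my ($dbh, @args) = @_;
    my ($sql, @bind) = build_count_query(@args);
    my $sth = $dbh->prepare($sql);
    $sth->execute(@bind);
    my ($count) = $sth->fetchrow_array;
    return $count;
}

# Offline demonstration with constructed inputs; no database is needed.
# The second table name is a constructed hostile value and is rejected.
for my $table ('CCHISTORY', 'CCHISTORY; drop table CCHISTORY') {
    my ($sql, @bind) = eval { build_count_query($table, 'D', 86400) };
    if ($@) { print "rejected: $@"; next; }
    print "SQL:\n$sql", "bind: @bind\n";
}
```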

