Hi Mark,
If your variables are strictly internal and by no means might be ever
tainted (read: user input), what you're doing is mostly ok.
But you need to quote the dates passed within query itself, like this:
my $sql = qq/SELECT * FROM `events` WHERE `date` BETWEEN '$begin_time' AND
'$end_time'/;
*(qq, of course, not q: you'd like your variables to be interpolated, would
you? :)*
But there's another (and in my opinion, usually better) way: using prepared
sql statement:
my $sth = $dbh->prepare(q/
SELECT * FROM `events` WHERE `date` BETWEEN ? AND ?
/);
$sth->execute($begin_time, $end_time);
This method is safer, but a little (or not, depending on driver and DB
used) bit slower than direct queries.
Have to say that I usually prefer even simpler DBI methods, like
selectall_arrayref, combining the power of `prepare`, `execute` and `fetch`
methods in one statement. But that's a matter of taste, I guess. )
-- iD
P.S. BTW, if you want to know the reason why particular SQL query fails,
just call errstr method of your DBI object (like $dbh->errstr) - and print
the result. )
2011/12/30 Mark Haney <ma...@abemblem.com>
> I'm not sure if this is the right list for this, so bear with me. If it
> isn't I'll be glad to post it on the correct one.
>
> I've got a problem with passing variables to a SQL server inside a CGI
> script. My code is like this:
>
> my $begin_time = "2011-11-16 11:00:00";
> my $end_time = "2011-11-16 12:00:00";
>
> my $dbh = DBI->connect('dbi:mysql:**database=embdev', 'user', 'password');
>
> my $sql = q/SELECT * FROM events WHERE date BETWEEN $begin_time and
> $end_time/;
>
> my $sth = $dbh->prepare($sql);
> $sth->execute();
>
> I'm not sure why it's not using the the variables, can someone point out
> what I'm doing wrong?
>
> -----
> Mark Haney
>
>
> --
> To unsubscribe, e-mail: beginners-unsubscr...@perl.org
> For additional commands, e-mail: beginners-h...@perl.org
> http://learn.perl.org/
>
>
>
