Hi Mark, If your variables are strictly internal and by no means might be ever tainted (read: user input), what you're doing is mostly ok. But you need to quote the dates passed within query itself, like this:
my $sql = qq/SELECT * FROM `events` WHERE `date` BETWEEN '$begin_time' AND '$end_time'/; *(qq, of course, not q: you'd like your variables to be interpolated, would you? :)* But there's another (and in my opinion, usually better) way: using prepared sql statement: my $sth = $dbh->prepare(q/ SELECT * FROM `events` WHERE `date` BETWEEN ? AND ? /); $sth->execute($begin_time, $end_time); This method is safer, but a little (or not, depending on driver and DB used) bit slower than direct queries. Have to say that I usually prefer even simpler DBI methods, like selectall_arrayref, combining the power of `prepare`, `execute` and `fetch` methods in one statement. But that's a matter of taste, I guess. ) -- iD P.S. BTW, if you want to know the reason why particular SQL query fails, just call errstr method of your DBI object (like $dbh->errstr) - and print the result. ) 2011/12/30 Mark Haney <ma...@abemblem.com> > I'm not sure if this is the right list for this, so bear with me. If it > isn't I'll be glad to post it on the correct one. > > I've got a problem with passing variables to a SQL server inside a CGI > script. My code is like this: > > my $begin_time = "2011-11-16 11:00:00"; > my $end_time = "2011-11-16 12:00:00"; > > my $dbh = DBI->connect('dbi:mysql:**database=embdev', 'user', 'password'); > > my $sql = q/SELECT * FROM events WHERE date BETWEEN $begin_time and > $end_time/; > > my $sth = $dbh->prepare($sql); > $sth->execute(); > > I'm not sure why it's not using the the variables, can someone point out > what I'm doing wrong? > > ----- > Mark Haney > > > -- > To unsubscribe, e-mail: beginners-unsubscr...@perl.org > For additional commands, e-mail: beginners-h...@perl.org > http://learn.perl.org/ > > >