From:                   "mb" <[EMAIL PROTECTED]>

> Hi,
> 
> I'm trying to execute a SQL statement asking three tables on a DBI
> database connection. The database is a commercial one (diff from
> MySQL) .... I think that my SQL statement is right :
> 
>  my($stmt)          = "select AS_QteSto from art F_ARTICLE,dep
>  F_DEPOT,sto F_ARTSTOCK where art.AR_Ref='$code' and
>  dep.DE_Intitule='$depot' and art.AR_Ref=sto.AR_Ref and
>  dep.DE_No=sto.DE_No";  

No it's not right.

I believe the table (or view) names are F_ARTICLE, F_DEPOT and 
F_ARTSTOCK right? In that case you should revert the pairs in the 
FROM clause:

        ...
        FROM F_ARTICLE art, F_DEPOT dep, F_ARTSTOCK sto
        ...

or

        ...
        FROM F_ARTICLE as art, F_DEPOT as dep, 
                F_ARTSTOCK as sto
        ...

Another problem is that you are blindly inserting some text (that 
you probably got from the users) into the SQL string without 
escaping special characters. Guess what happens if $depot 
contains a single quote!

You either have to escape them (using $dbh->quote()) or to use 
placeholders:

        $stmt = $dbh->prepare("SELECT ... WHERE ... 
                dep.DE_Intitule = ? and ...");
        $stmt->execute($code, $depot);


Jenda


=========== [EMAIL PROTECTED] == http://Jenda.Krynicky.cz ==========
There is a reason for living. There must be. I've seen it somewhere.
It's just that in the mess on my table ... and in my brain.
I can't find it.
                                        --- me
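
An added example, not part of the original message: it runs the corrected three-table query with string interpolation, with `$dbh->quote()` and with placeholders, against a depot name that contains a single quote. It assumes DBD::SQLite (in-memory) as a stand-in for the poster's database; the rows and the depot name are constructed, and only the table and column names come from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database stands in for the commercial one.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed schema and sample rows (column types are guesses).
$dbh->do("CREATE TABLE F_ARTICLE  (AR_Ref TEXT PRIMARY KEY)");
$dbh->do("CREATE TABLE F_DEPOT    (DE_No INTEGER PRIMARY KEY, DE_Intitule TEXT)");
$dbh->do("CREATE TABLE F_ARTSTOCK (AR_Ref TEXT, DE_No INTEGER, AS_QteSto INTEGER)");
$dbh->do("INSERT INTO F_ARTICLE VALUES (?)", undef, "A100");
$dbh->do("INSERT INTO F_DEPOT VALUES (?, ?)", undef, 1, "Depot d'Orleans");
$dbh->do("INSERT INTO F_ARTSTOCK VALUES (?, ?, ?)", undef, "A100", 1, 42);

# Values as they might arrive from a user; note the single quote in $depot.
my ($code, $depot) = ("A100", "Depot d'Orleans");

# FROM clause with "table alias" order, plus the join conditions.
my $from_where = "FROM F_ARTICLE art, F_DEPOT dep, F_ARTSTOCK sto "
               . "WHERE art.AR_Ref = sto.AR_Ref AND dep.DE_No = sto.DE_No ";

# 1. Interpolation: the quote in $depot ends the SQL string literal early,
#    so the statement no longer parses and DBI raises an error.
my $qty = eval {
    $dbh->selectrow_array("SELECT sto.AS_QteSto $from_where"
        . "AND art.AR_Ref = '$code' AND dep.DE_Intitule = '$depot'");
};
print "interpolated: ", (defined $qty ? "$qty\n" : "failed: $@");

# 2. $dbh->quote(): adds the surrounding quotes and escapes embedded ones.
my $sql = "SELECT sto.AS_QteSto $from_where"
        . "AND art.AR_Ref = " . $dbh->quote($code)
        . " AND dep.DE_Intitule = " . $dbh->quote($depot);
($qty) = $dbh->selectrow_array($sql);
print "quote():      $qty\n";

# 3. Placeholders: the values are bound separately and never parsed as SQL.
my $sth = $dbh->prepare("SELECT sto.AS_QteSto $from_where"
    . "AND art.AR_Ref = ? AND dep.DE_Intitule = ?");
$sth->execute($code, $depot);
($qty) = $sth->fetchrow_array;
$sth->finish;
print "placeholders: $qty\n";

$dbh->disconnect;
```

The number of values passed to `execute()` has to match the number of `?` markers in the prepared statement, in the same order.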
