DBD::mysql is doing what is it supposed to do. 'NOW()' is a 5 character string, not a function. Placeholders pass values, not syntactic elements.
Right. This is a distinction I've not seen made in any of the DBI docs, but it's a pretty important one.
It's in http://search.cpan.org/author/TIMB/DBI-1.37/DBI.pm where bind_param() is described. I recently submitted a patch to move the discussion to the section on placeholders where it will hopefully be easier to find.
I'm not sure exactly what you're referring to here - I can't see anything that addresses
this issue directly, unless it's the stuff about placeholders not containing data that the
DB needs to create an execution plan - but that isn't really relevant here AFAICS.
OK, that makes sense, though it didn't occur to me immediately. Is this clear to allThat's more of a pain. I guess that implies that any SQL of the form:
INSERT INTO TestTable (dob, profession, age, name) VALUES (<function>,<value1>,<value2>,<value2>)
where <function> is an arbitrary combination of functions and values must be prepared like:
INSERT INTO TestTable (dob, profession, age, name) VALUES (<function>,?,?,?)
and executed like:
$sth->execute(<value1>, <value2>, <value3>);
The function must be in the prepared SQL, the values do not. A common example in Oracle is:
$dbh -> {RaiseError} = 1;
my $sth = $dbh -> prepare( join "\n",
'INSERT INTO testtable ( dob, profession, age, name )',
' VALUES ( TO_DATE( ?, 'YYYY-MM-DD' ), ?, ?, ? )' );
END_SQL
$sth -> execute( $date, $proffession, $age, $name );
but me ? A quick google didn't throw up any refs to this kind of question, so maybe
I'm just a little slow on the uptake.
Steve Collyer
