J.I. Asenjo [mailto:[EMAIL PROTECTED]] wrote:
>
> On Thu, 09 Feb 2006, 11:33:32AM -0000, Martin J. Evans said:
> > I think that wants to be
> > prepare(q/SELECT * FROM logs where datetime like ?/)
>
> I had already tried that, it does not work either, but thanks anyway.

Why would you use LIKE with a datetime field anyway? LIKE is for comparing
strings, not dates.

In any case, it does work, as long as you're binding the right value:

    my $datetime = <>;
    chomp($datetime);
    my $sth = $dbh->prepare(q/SELECT * FROM logs where datetime like ?/);
    $sth->execute("%$datetime%");

> > i.e. no quotes around the ?. DBD::mysql is telling you there are no
> > parameters in the query -> "called with 1 bind variables when 0 are
> > needed"
> >
> > However, you might have problems doing a like on datetime field.
>
> yes, I can see that :). Oh, well, I'll just have to interpolate it,
> never mind.

You should try to avoid interpolating user-supplied values into your SQL.
It is a significant security risk, besides being less efficient.

Ronald
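
The following is an added example, not part of the original thread: it contrasts the bound `LIKE ?` query from the reply with the interpolated form, and shows why a quoted `'?'` yields zero placeholders. Assumptions: an in-memory SQLite database via DBD::SQLite stands in for the MySQL server, the rows and inputs are constructed, and `like_contains`, `count_bound` and `count_interpolated` are hypothetical helper names.

```perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database (DBD::SQLite) stands in for MySQL.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE logs (datetime TEXT, msg TEXT)');

# Constructed sample rows.
my $ins = $dbh->prepare('INSERT INTO logs (datetime, msg) VALUES (?, ?)');
$ins->execute(@$_) for (['2006-02-08 23:59:01', 'login ok'],
                        ['2006-02-09 11:33:32', 'login failed'],
                        ['2006-02-09 11:40:10', 'password changed']);

# A quoted '?' is a string literal, not a placeholder: zero parameters.
my $quoted = $dbh->prepare(q/SELECT * FROM logs WHERE datetime LIKE '?'/);
my $bare   = $dbh->prepare(q/SELECT * FROM logs WHERE datetime LIKE ?/);
printf "placeholders: quoted=%d bare=%d\n",
    $quoted->{NUM_OF_PARAMS}, $bare->{NUM_OF_PARAMS};

# Hypothetical helper: escape LIKE wildcards so input only matches literally.
sub like_contains {
    my ($value) = @_;
    $value =~ s/([!%_])/!$1/g;
    return "%$value%";
}

# Bound form: the value travels separately from the SQL text.
sub count_bound {
    my ($input) = @_;
    my $sth = $dbh->prepare(
        q/SELECT COUNT(*) FROM logs WHERE datetime LIKE ? ESCAPE '!'/);
    $sth->execute(like_contains($input));
    return ($sth->fetchrow_array)[0];
}

# Interpolated form: the input becomes part of the SQL text itself.
sub count_interpolated {
    my ($input) = @_;
    return ($dbh->selectrow_array(
        "SELECT COUNT(*) FROM logs WHERE datetime LIKE '%$input%'"))[0];
}

# Constructed inputs: a normal date, a bare wildcard, and a value with quotes.
for my $input ('2006-02-09', '%', q{zzz' OR 'a' LIKE 'a}) {
    printf "%-22s bound=%d interpolated=%d\n",
        $input, count_bound($input), count_interpolated($input);
}
```

Binding alone keeps the input out of the SQL grammar; the `ESCAPE` clause additionally stops `%` and `_` in the input from acting as wildcards, which binding by itself does not do.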