It is concidered rather poor form it create you sql on the fly so while
my $sql='Select $field1, $field2 from test_table where $field1=$var1 and
$field2=$var2
is ok
you are opening yourself to a host of problems such as
1) "hacking" with SQL insertion
2) problems with using ' and " if you field are strings
3) and a number of other reaseons Style,maintainablity scaleabilit
buch better to do this
my $sql='Select name,year from test_table where name=:name and year=:year
$c = $db->prepare($sql);
$c->bind_param(":name",$var1 );
$c->bind_param(":year",$var2 );
$c->execute();
abd let DBI do the formating of ' for you
cheers
""Ravi Malghan"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi: could you please provide more detail on what you mean by bind
> variable?
> Thanks
> Ravi
> ""Andy Hassall"" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>> Use two statements. You can't combine them into one like that.
>> (without amounts of pain far exceeding that of just executing two
>> separate
>> statements)
>>
>> Shouldn't you be using a bind variable instead of interpolating $period
>> into
>> the SQL as well?
>>
>> --
>> Andy Hassall :: [EMAIL PROTECTED] :: http://www.andyh.co.uk
>> http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
>>
>> -----Original Message-----
>> From: Ravi Malghan [mailto:[EMAIL PROTECTED]
>> Sent: 27 November 2006 22:55
>> To: dbi-users@perl.org
>> Subject: DBD Oracle: multiple statements in a single execute?
>>
>> Hi: my dba has asked to execute a alter statement before the select
>> statement. So I need to run the following
>>
>> alter session set db_file_multiblock_read_count = 128;
>> SELECT ED.utime, ED.info, ED.agent_id FROM EVENT_DATA ED WHERE ED.utime
>> between $period order by ED.utime;
>>
>> where $period is a string such as "190 and 300".
>>
>> I tried the following
>> my $sql = qq{
>> BEGIN
>> alter session set db_file_multiblock_read_count = 128;
>> SELECT ED.utime, ED.info, ED.agent_id FROM EVENT_DATA ED WHERE
>> ED.utime between $period order by ED.utime;
>> END; };
>> print "Running\n$sql\n";
>> my $sth = $dbh->prepare($sql);
>> $sth->execute();
>>
>>
>> I get the following error
>> ====================
>> DBD::Oracle::st execute failed: ORA-06550: line 3, column 5:
>> PLS-00103: Encountered the symbol "ALTER" when expecting one of the
>> following:
>>
>> begin case declare exit for goto if loop mod null pragma
>> raise return select update while with <an identifier>
>> <a double-quoted delimited-identifier> <a bind variable> <<
>> close current delete fetch lock insert open rollback
>> savepoint set sql execute commit forall merge
>> <a single-quoted SQL string> pipe
>> The symbol "update was inserted before "ALTER" to continue. (DBD ERROR:
>> error possibly near <*> indicator at char 14 in '
>> BEGIN
>> <*>alter session set
>> db_file_multiblock_read_count = 128;
>> SELECT ED.utime, ED.info, ED.agent_id FROM
>> EVENT_DATA ED WHERE ED.utime between 1164650400 and 1164653940 order by
>> ED.utime;
>> END; ') [for Statement "
>> BEGIN
>> alter session set
>> db_file_multiblock_read_count = 128;
>> SELECT ED.utime, ED.info, ED.agent_id FROM
>> EVENT_DATA ED WHERE ED.utime between 1164650400 and 1164653940 order by
>> ED.utime;
>> END; "] at
>> /actuate/AcServer/reports_scripts/report_functions.pl line 48.
>> =========================
>>
>> Could someone help.
>>
>> Thanks
>> Ravi
>>
>
>
