On 2014-07-27 23:07:02 +1000, Stuart Cooper wrote:
> Because of your missing a backquote you effectively got an SQL statement
> with 0 bind variables.

Yes, however:

[...]
> On Sun, Jul 27, 2014 at 7:44 PM, Meir Guttman <m...@guttman.co.il> wrote:
[...]
>     my $sql = qq(
>       REPLACE INTO `test.`params`
>       -- missing        ^
>       -- back-tick      |
>       -- here ----------+
>       (`ID`,`AsOf_date`,`Value`) VALUES
>       (?,?,?)
>       );
> 
>     my $sth = $dbh->prepare($sql) // die "'prepare' error:\n$DBI::errstr";

One would naively expect that prepare would notice the syntax error and
return an error here, instead of returning a valid statement handle with
0 placeholders.

>     my $affected = $sth->execute('0123', '2014-06-24', 1000) // die "'execute' error:\n$DBI::errstr";

So this would never be reached. 

However, not all RDBMSs support proper prepared statements and bind
values, and even for those that do, the driver may not use them
(DBD::mysql only uses them if mysql_server_prepare is set). If they
aren't used they must be simulated by inserting properly quoted strings
into the statement and the database will only see the final, composed
statement. So it's possible that the wrong number of parameters is
noticed before a syntax error.

I still think this is a bug: The backquotes are obviously considered
while scanning for placeholders, so the fact that they are mismatched
should be noticed.

        hp


-- 
   _  | Peter J. Holzer           | I think we need two definitions:
|_|_) | WSR - Softwaredevelopment | 1) The problem the *users* want us to solve
| |   | und Projektunterstützung  | 2) The problem our solution addresses.
__/   | h...@wsr.ac.at             |    -- Phillip Hallam-Baker on spam

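A pre-flight check along the lines discussed in this message, as an added example that is not part of the original post and is not DBD::mysql's own parser: it counts `?` only outside quoted regions and reports a quote left open instead of silently yielding 0 placeholders. The function names and the single-line sample statements are constructed for illustration; `/* */` comments and the NO_BACKSLASH_ESCAPES SQL mode are not handled.

```perl
use strict;
use warnings;

# Count '?' placeholders the way a client-side emulation has to: a '?' only
# counts outside '...', "..." and `...`. Also report a quote left open.
# Returns (count, open_quote_char_or_undef, offset_where_it_opened).
sub scan_placeholders {
    my ($sql) = @_;
    my ($count, $open, $open_at) = (0, undef, undef);
    my $len = length $sql;
    for (my $i = 0; $i < $len; $i++) {
        my $c = substr($sql, $i, 1);
        if (defined $open) {
            # Backslash escapes apply inside strings, not inside `identifiers`.
            if ($c eq '\\' && $open ne q{`}) { $i++; next; }
            next if $c ne $open;
            # A doubled quote character is an escaped quote, not a terminator.
            if (substr($sql, $i + 1, 1) eq $open) { $i++; next; }
            undef $open;
        }
        elsif ($c eq q{'} || $c eq q{"} || $c eq q{`}) { ($open, $open_at) = ($c, $i); }
        elsif ($c eq '-' && substr($sql, $i, 3) =~ /^--\s/) {
            my $nl = index($sql, "\n", $i);      # skip "-- comment" to end of line
            $i = $nl < 0 ? $len : $nl;
        }
        elsif ($c eq '?') { $count++; }
    }
    return ($count, $open, $open_at);
}

# Hypothetical helper: returns a problem description, or undef if none found.
sub check_statement {
    my ($sql, @bind) = @_;
    my ($n, $open, $at) = scan_placeholders($sql);
    return "unterminated $open quote opened at offset $at" if defined $open;
    return sprintf("%d placeholders in statement, %d bind values given", $n, scalar @bind)
        if $n != @bind;
    return;
}

# Constructed samples: the statement from the thread on one line, and a fixed form.
my @bind = ('0123', '2014-06-24', 1000);
my %sql = (
    broken => q{REPLACE INTO `test.`params` (`ID`,`AsOf_date`,`Value`) VALUES (?,?,?)},
    fixed  => q{REPLACE INTO `test`.`params` (`ID`,`AsOf_date`,`Value`) VALUES (?,?,?)},
);
for my $name (sort keys %sql) {
    printf "%-6s: %s\n", $name, check_statement($sql{$name}, @bind) // 'ok';
}
```

Running such a check before `prepare` surfaces the quoting mistake directly, rather than as a bind-count mismatch at `execute`.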