I'm doing something like this:

    my $schools = $c->model('RegistrationDB::University')->search(
        { name => { like => "%$query%" } },
        {
            rows     => 20,
            select   => [qw/name university_id state city zip/],
            order_by => [
                "LOCATE(\"$query\",name)",
                "name",
                "state",
                "city"
            ]
        }
    );

which works fine, except for when that $query variable has quotes. What's
the proper way to escape this? Or is there some way to reformulate this
code in a better way? I'm typically used to using parameterized queries and
such to make things sql safe, so how is it done here?
Thanks!
John
_______________________________________________
List: http://lists.rawmode.org/cgi-bin/mailman/listinfo/dbix-class
Wiki: http://dbix-class.shadowcatsystems.co.uk/
IRC: irc.perl.org#dbix-class
SVN: http://dev.catalyst.perl.org/repos/bast/trunk/DBIx-Class/
Searchable Archive: http://www.mail-archive.com/[email protected]/
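
An added example, not part of the original post: the same search with the order_by expression passed as literal SQL plus a bind value, so $query is never interpolated into the SQL text. Assumptions: DBIx::Class and DBD::SQLite are installed, the My::Schema classes and sample rows are constructed stand-ins, and SQLite's INSTR(name, ?) is used in place of MySQL's LOCATE(?, name) so the script runs against an in-memory database.

```perl
use strict;
use warnings;

# Hypothetical stand-in for the poster's University result class.
package My::Schema::Result::University;
use base 'DBIx::Class::Core';
__PACKAGE__->table('university');
__PACKAGE__->add_columns(qw/university_id name state city zip/);
__PACKAGE__->set_primary_key('university_id');

package My::Schema;
use base 'DBIx::Class::Schema';
__PACKAGE__->register_class(University => 'My::Schema::Result::University');

package main;

my $schema = My::Schema->connect('dbi:SQLite:dbname=:memory:');
$schema->storage->dbh->do(
    'CREATE TABLE university (university_id INTEGER PRIMARY KEY,
     name TEXT, state TEXT, city TEXT, zip TEXT)');

# Constructed sample rows, including names that contain quote characters.
$schema->resultset('University')->populate([
    [qw/name state city zip/],
    [ 'College of "Applied" Arts',   'NY', 'Albany',       '12201' ],
    [ '"Applied" Science Institute', 'CA', 'Fresno',       '93650' ],
    [ "St. John's University",       'MN', 'Collegeville', '56321' ],
]);

sub find_schools {
    my ($query) = @_;
    return $schema->resultset('University')->search(
        { name => { like => "%$query%" } },    # value is sent as a bind
        {
            rows     => 20,
            columns  => [qw/name university_id state city zip/],
            order_by => [
                # Literal SQL + bind; on MySQL: \[ 'LOCATE(?, name)', $query ]
                \[ 'INSTR(name, ?)', $query ],
                qw/name state city/,
            ],
        }
    );
}

for my $q ('"Applied"', q{John's}, q{a",name); --}) {
    my @names = map { $_->name } find_schools($q)->all;
    printf "%-20s => %s\n", $q, join(' | ', @names) || '(no match)';
}
```

Setting DBIC_TRACE=1 in the environment prints the generated statement, which shows a `?` placeholder in the ORDER BY clause and the query string only in the bind list.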