On 07/02/2008, Matt S Trout <[EMAIL PROTECTED]> wrote:
> On Wed, Feb 06, 2008 at 01:14:22PM +0000, Carl Franks wrote:
> > On 06/02/2008, Matt S Trout <[EMAIL PROTECTED]> wrote:
> > > On Wed, Feb 06, 2008 at 10:34:09AM +0000, Carl Franks wrote:
> > > > Here's a minor patch to address an issue that I found a solution for
> > > > in the list archives, but couldn't find in the docs anywhere.
> > > >
> > > > It's against
> > > > http://dev.catalyst.perl.org/repos/bast/DBIx-Class/0.08/trunk
> > > > if it should be against a different location and doesn't patch
> > > > cleanly, let me know and I'll fix it.
> > >
> > > { name => { like => $query } }
> > >
> > > works for that.
> >
> > Did you maybe miss the leading and trailing '%' wildcards?
>
> To simplify the example, yes.
>
> The point is the bind => isn't needed at all.
> Though I don't quite get why you called the example "escaping user input",
> we bind the value parts of everything in where just the same way.

"user error"

I was initially using

    { name => { like => "%$query%" } }

but I incorrectly thought that bind would escape the '%' in a string,
and so concluded that using that construct wasn't using bind.

I've checked the source for both DBI's quote() method and mysql's
mysql_real_escape_string() and can see that neither escapes wildcard
characters.

I've switched back to using

    { name => { like => "%$query%" } }

and have confirmed that quotes are being correctly escaped (e.g.
searching for "o'reilly") and the wildcard characters are working as
well.

Sorry for the noise - the above quoted message was the only one I
could find in the archives that seemed relevant - but I missed the
fact that $query was being used twice in that code, in the 'where' and
the 'order_by'.

And I can see now, that I was incorrectly passing 2 bind variables,
when only 1 was needed by the query - I'm surprised sqlite didn't
throw an error for that.

Carl

_______________________________________________
List: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/dbix-class
IRC: irc.perl.org#dbix-class
SVN: http://dev.catalyst.perl.org/repos/bast/DBIx-Class/
Searchable Archive: http://www.grokbase.com/group/[EMAIL PROTECTED]
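
An added example, not part of the original thread or of DBIx::Class: the behaviour discussed above shown with plain DBI, where a bound LIKE value keeps quotes as data while `%` and `_` in the user's text still act as wildcards, next to a variant that matches them literally. It assumes DBI and DBD::SQLite are installed; the table, the rows, the `!` escape character and the two helper names are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database with constructed sample rows.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE author (name TEXT NOT NULL)');
$dbh->do('INSERT INTO author (name) VALUES (?)', undef, $_)
    for "Tim O'Reilly", 'Larry Wall', '100% Perl', 'snake_case';

# Binding only: the value never becomes SQL syntax, so the quote in
# "o'reilly" is harmless, but % and _ keep their LIKE meaning.
sub search_contains {
    my ($query) = @_;
    return $dbh->selectcol_arrayref(
        'SELECT name FROM author WHERE name LIKE ? ORDER BY name',
        undef, "%$query%");
}

# Literal substring match: prefix the LIKE metacharacters (and the escape
# character itself) with '!' and declare '!' in an ESCAPE clause.
sub search_literal {
    my ($query) = @_;
    (my $escaped = $query) =~ s/([!%_])/!$1/g;
    return $dbh->selectcol_arrayref(
        q{SELECT name FROM author WHERE name LIKE ? ESCAPE '!' ORDER BY name},
        undef, "%$escaped%");
}

# Run the same inputs through both helpers and print what each matches.
for my $query ("o'reilly", '%', '_') {
    printf "query %-10s bound only: [%s]\n", "'$query'",
        join(', ', @{ search_contains($query) });
    printf "query %-10s literal:    [%s]\n", "'$query'",
        join(', ', @{ search_literal($query) });
}
```

With bind alone, a query of `%` or `_` matches every row; the escaped variant returns only the rows that actually contain that character.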