Subject: Re: Quoting problem
From: Brock Murch (bmu@usgs.gov)
Date: 03/02/2001 05:19:38 AM
List: com.mysql.lists.perl

Alec:

See DBI(3) for details on the quote and do methods. I printed out the whole
thing and find it very helpful.

perldoc DBI

In the first instance the prepare method:

    $query = $db->prepare("SELECT 'member_id','username','password' FROM profiles where username=\'$post{'username'}\'");

is the same method as:

    $query = $db->prepare("SELECT 'member_id','username','password' FROM profiles where username=$post{'username'}");

Just the statement is different. Thus, just as the me@hotmail needs to be
written as me\@hotmail now, you still would need, I think, to have $post{'username'}
written as \'$post{'username'}\' ... as the way it is quoted inside the prepare statement
is independent of its value.

Also, you change the value of $post{'username'} with the $db->quote method, and
still expect the:

    if (($result->[1] eq $post{'username'}) && ($result->[2] eq $post{'password'}))

to work the same even though the $post{'username'} value is somewhat different
than you expect.

Always, if possible, assign values to new scalars, etc., and then work on the
copies, unless it is too cumbersome, or you really need/want to. That way you can always
get back to your original value.

I'm no expert; however, making your SQL statement in advance is simpler...

    # quote() is applied to the value, not to the whole statement
    $SQLstatement = "SELECT member_id, username, password FROM profiles where username=" . $db->quote($post{'username'});

    print $SQLstatement."\n" if $debug; # to make sure it looks right

    unless ($debug) {
        $query = $db->prepare($SQLstatement);
        $query->execute;
        ...
        $query->finish;
    }

If I'm out to lunch, sorry!

Alec Smith wrote:

The below code snippet works perfectly for me:

    $query = $db->prepare("SELECT 'member_id','username','password' FROM profiles where username=\'$post{'username'}\'");
    $query->execute;
    $result_rows = $query->rows;

    if ($result_rows != 0) {
        $result = $query->fetchrow_arrayref;

        if (($result->[1] eq $post{'username'}) && ($result->[2] eq $post{'password'})) {
            $member_id = $result->[0];
        } else {
            # No match found code
        }
    }

However

    $post{'username'} = $db->quote($post{'username'});
    $query = $db->prepare("SELECT 'member_id','username','password' FROM profiles where username=$post{'username'}");
    $query->execute;
    $result_rows = $query->rows;

    if ($result_rows != 0) {
        $result = $query->fetchrow_arrayref;

        if (($result->[1] eq $post{'username'}) && ($result->[2] eq $post{'password'})) {
            $member_id = $result->[0];
        } else {
            # no match found code
        }
    }

results in the else{ ... } clause being executed. Any ideas why? I'm lost... I'm running under Apache/1.3.24+mod_perl-1.24+DBI-1.14+perl-DBD-msql-mysql-1.2214

Any tips are much appreciated....

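The comparison failure discussed in this thread, as an added example that is not code from either poster: it runs the same lookup with the input overwritten by quote(), with quote() applied to a copy, and with a bound placeholder. Assumptions: an in-memory DBD::SQLite database stands in for the MySQL server, the table row and form input are constructed, and lookup() is a hypothetical helper.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite in-memory database instead of the thread's MySQL driver.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE profiles (member_id INTEGER, username TEXT)');
$dbh->do('INSERT INTO profiles VALUES (?, ?)', undef, 7, "o'brien"); # constructed row

my %post = (username => "o'brien");   # constructed form input

# Hypothetical helper: run the query, then apply the thread's "eq" check.
# Returns member_id when the fetched username equals $expect, else undef.
sub lookup {
    my ($sql, $expect, @bind) = @_;
    my $sth = $dbh->prepare($sql);
    $sth->execute(@bind);
    my $row = $sth->fetchrow_arrayref;
    $sth->finish;
    return ($row && $row->[1] eq $expect) ? $row->[0] : undef;
}

my $base = 'SELECT member_id, username FROM profiles WHERE username = ';

# 1. Input overwritten with its quoted form: the row is found, but the
#    stored name no longer equals the (now quoted and escaped) variable.
my %clobbered = %post;
$clobbered{username} = $dbh->quote($clobbered{username});
my $r1 = lookup($base . $clobbered{username}, $clobbered{username});

# 2. quote() into a separate scalar; the original value stays comparable.
my $quoted = $dbh->quote($post{username});
my $r2 = lookup($base . $quoted, $post{username});

# 3. Placeholder: the driver handles quoting, the input is never modified.
my $r3 = lookup($base . '?', $post{username}, $post{username});

for my $case (['input overwritten', $r1], ['quoted copy', $r2], ['placeholder', $r3]) {
    printf "%-18s %s\n", $case->[0],
        defined $case->[1] ? "member_id $case->[1]" : 'no match';
}
```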