Home > Archive > PERL Beginners > August 2005 > escaping values (DBD::mysql)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
escaping values (DBD::mysql)
|
|
| Octavian Rasnita 2005-07-31, 8:59 am |
| Hi,
I want to use a query like:
select ... limit 0,30;
but I cannot use:
$sth = $dbh->prepare("select ... limit ?,?");
$sth->execute(0, 30);
.... because DBI replaces the values entered with '0' and '30' and the query
won't be valid.
Is there a method to escape the values entered directly, and not by using
another module or regular expression?
Thank you.
Teddy
| |
| Jeff 'japhy' Pinyan 2005-08-02, 4:59 pm |
| On Jul 31, Octavian Rasnita said:
> select ... limit 0,30;
>
> but I cannot use:
>
> $sth = $dbh->prepare("select ... limit ?,?");
> $sth->execute(0, 30);
>
> ... because DBI replaces the values entered with '0' and '30' and the query
> won't be valid.
No, you probably can't do that because your SQL engine doesn't allow
placeholders in LIMIT. All you need to do is make sure the values are
non-negative integers, and you can write
$sth = $dbh->prepare("select ... limit $start, $length");
If you need to escape things, you $dbh->quote(...).
--
Jeff "japhy" Pinyan % How can we ever be the sold short or
RPI Acacia Brother #734 % the cheated, we who for every service
http://japhy.perlmonk.org/ % have long ago been overpaid?
http://www.perlmonks.org/ % -- Meister Eckhart
|
|
|
|
|