Note that quoting or placeholder functions will not work for database identifiers like table names, and only for content. So code like:
my $query = $dbh->prepare('CREATE TABLE ?');
$query->execute('TABLE_NAME');
will fail because the database engine will render that as
CREATE TABLE 'TABLE_NAME'
which is nonsense syntax.
#11929 First ask yourself `How would I do this without a computer?' Then have the computer do it the same way.
| [reply] [d/l] [select] |
Note that quoting or placeholder functions will not work for database identifiers like table names
DBI has a quote_identifier() method that handles all required quoting of database identifiers. Unfortunately, you can't use placeholders for identifiers, so you have to call quote_identifier() manually, like this:
my $cmd='create table '.$dbh->quote_identifier($tablename);
$dbh->do($cmd);
And by the way: There is also a quote() method in DBI. For all but some very exotic cases, just forget that it exists and use placeholders. I think quote() should die or at least warn when being called from non-DBI, non-DBD code. It is usually just wrong to use it instead of using placeholders. See Re: Counting rows Sqlite, Re^2: Massive Memory Leak, Re^3: Variable interpolation in a file to be read in, Re^5: Variable interpolation in a file to be read in for more details.
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
| [reply] [d/l] [select] |
Thanks so much for the alternative approaches. I'll pick one. | [reply] |