Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re: security question, mysql, limit, dbi, and placeholders

by Anonymous Monk
on Apr 25, 2003 at 20:38 UTC ( [id://253245]=note: print w/replies, xml ) Need Help??


in reply to security question, mysql, limit, dbi, and placeholders

Have you tested the search without the LIMIT? Because I suspect the error is elsewhere in your SQL. I don't know MySQL, but other databases I have seen want values in the list for the IN statement. Column names don't work. You might try rewriting it like this: 
SELECT * FROM products WHERE prod_name = ? OR prod_desc = ?

[download]
Also, PostgreSQL doesn't support placeholders for the number after the LIMIT. MySQL may have the same limitation. If you can't use placeholders, you will need to interpolate the value when you construct the SQL. This means you must be careful about validating the value to be a number.

Replies are listed 'Best First'.
Re: Re: security question, mysql, limit, dbi, and placeholders
by pfaut (Priest) on Apr 25, 2003 at 21:05 UTC
    Also, PostgreSQL doesn't support placeholders for the number after the LIMIT.

    Yes it does.

    #!/usr/bin/perl -w
use strict;
use DBI;
my $dbh = DBI->connect("dbi:Pg:dbname=pfau")
    or die "Unable to connect to db: $DBI::errstr";
$dbh->{RaiseError} = 1;
my $s = $dbh->prepare("select relname from pg_class limit ? offset ?")
+;
my $r = $s->execute(3,10);
while (my @row = $s->fetchrow_array) {
    print "Table: $row[0]\n";
}
$s->finish;
$dbh->disconnect;

    [download]

    Produces:

    Table: pg_attrdef
Table: pg_toast_17086_idx
Table: pg_trigger

    [download]
    90% of every Perl application is already written.
    dragonchild
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://253245]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others about the Monastery: (2)
As of 2024-04-25 20:57 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found