Re: executing a OSP with CGI


Perl: the Markov chain saw
	PerlMonks

Re: executing a OSP with CGI

by Ovid (Cardinal)

on Jul 15, 2003 at 19:30 UTC ( [id://274540]=note: print w/replies, xml )

Need Help??

in reply to executing a OSP with CGI

Are you not able to use placeholders with Oracle stored procedures? It's much safer as everything will be quoted correctly and you can avoid an SQL injection attack. (both of the following are untested and just here to show you how the methods work)

my $sql = 'exec OSP_FOO_BAR( ?, ?, ? )';
my $sth = $dbh->prepare($sql);
$sth->execute($xvar, $yvar, $zvar);
$dbh->commit();
[download]

If you can't use placeholders there, use the quote() function.

$_ = $dbh->quote($_) foreach $xvar, $yvar, $zvar; # foreach aliases $_
$SQLString = "exec OSP_FOO_BAR( $xvar, $yvar, $zvar )";
$dbh->do($SQLString);      
$dbh->commit();
[download]

Cheers,
Ovid

Looking for work. Here's my resume. Will work for food (plus salary).
New address of my CGI Course.

Comment on Re: executing a OSP with CGI Select or Download Code

Replies are listed 'Best First'.
Re: Re: executing a OSP with CGI by eric256 (Parson) on Jul 15, 2003 at 20:12 UTC
Or even $dbh->do('exec OSP_FOO_BAR( ?, ?, ? )',undef,$xvar, $yvar, $zvar); will work. At least i've used that style many times for inserts, or updates. Eric Hodges	[reply]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://274540]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others making s'mores by the fire in the courtyard of the Monastery: (4)

As of 2024-04-26 04:25 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found