Are you not able to use placeholders with Oracle stored procedures? It's much safer as everything will be quoted correctly and you can avoid an SQL injection attack. (both of the following are untested and just here to show you how the methods work)
my $sql = 'exec OSP_FOO_BAR( ?, ?, ? )';
my $sth = $dbh->prepare($sql);
$sth->execute($xvar, $yvar, $zvar);
$dbh->commit();
If you can't use placeholders there, use the quote() function.
$_ = $dbh->quote($_) foreach $xvar, $yvar, $zvar; # foreach aliases $_
$SQLString = "exec OSP_FOO_BAR( $xvar, $yvar, $zvar )";
$dbh->do($SQLString);
$dbh->commit();
Cheers,
Ovid
Looking for work. Here's my resume. Will work for food (plus salary). New address of my CGI Course.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|