However, DBI should escape the underscore in the code above, correct?
No, DBI has no knowledge of the context in which the bind variable sits... it just knows that it is binding in a literal string. Also, the ~~* operator is just acting from string onto another (it's not like perl where a pattern is a slightly different syntactic element than a plain old character string).
Now, I don't know if the same syntax holds for Postgress as for Oracle... but in oracle SQL, you'd escape an underscore by doing something like:
my $usernameescaped = $username;
$usernameescaped =~ s/([\%_])/\\$1/g;
my $sth = $dbh->prepare("SELECT uid FROM user_accounts WHERE username
+like ? escape '\\'");
$sth->execute($usernameescaped);
my ($uid) = $sth->fetchrow_array;
That is, you use an escape character, and then you inform the database of what that escape character is (using the "escape" clause to your "like" match). You don't have to use a backslash, but I generally do, because backslash is what the cool kids use. :-D
------------
:Wq
Not an editor command: Wq