$sql = "declare \@usrid int, \@sysusrid int " .
"select \@sysusrid = suser_id\(\'$usrname\'\) " .
"select \@usrid = $IDVALUE from $ID " .
"where $IDNAME = \'USR_ID\' " .
"insert into APPUSR (APP_CD, USR_ID, USRNAME, USRFNAME, USRLNAM
+E, FNCGRP_CD, SYSUSR_ID) " .
"values (\'A\', \@usrid, \'$usrname\', \'$first\', \'$full_last
+\', $fncgrp, \@sysusrid)";
Please don't! This code is hard to read and dangerous!
First, this is Perl, not Visual Basic or some other language with restricted string literals. You can write this much more readably. And actually even if you kept using doublequotes you do not need to escape singlequotes. "d\'Artagnan" is equivalent to "d'Artagnan". You could write the code like this:
$sql = qq{
declare \@usrid int, \@sysusrid int
select \@sysusrid = suser_id('$usrname')
select \@usrid = $IDVALUE from $ID
where $IDNAME = 'USR_ID'
insert into APPUSR (APP_CD, USR_ID, USRNAME, USRFNAME, USRLNAME, FNC
+GRP_CD, SYSUSR_ID)
values ('A', \@usrid, '$usrname', '$first', '$full_last', $fncgrp, \
+@sysusrid)
};
Easier on the eyes, isn't it?
In either case it's dangerous! Guess what happens if someone claims his username is "d'Artagnan"? Or maybe "') delete from APPUSR; select length('gotcha" ?
USE placeholders!
my $sth = $$dbhCurrent->prepare( qq{
declare \@usrid int, \@sysusrid int
select \@sysusrid = suser_id(?)
select \@usrid = $IDVALUE from $ID
where $IDNAME = 'USR_ID'
insert into APPUSR (APP_CD, USR_ID, USRNAME, USRFNAME, USRLNAME, FNC
+GRP_CD, SYSUSR_ID) " .
values ('A', \@usrid, ?, ?, ?, ?, \@sysusrid)
};
$sth->execute( $usrname, $usrname, $first, $full_last, $fncgrp);
Your use of $IDVALUE and $ID looks suspicious too, but those two cannot be replaced by placeholders. I do hope they are comming from someplace safe!