Reusing a SQL statement with changed variables

oct*_*bus 2 sql perl

I have a Perl DBI statement

my $sql_statement = "select c.* ".
                    "from meter_category c ".
                    "where c.category = ".$current_category." ".
                    "and c.effective_date <= ".
                    $DBHdl->quote($time_stamp)." ".
                    "and c.meter_size = ".$meter_size." ".
                    "order by c.effective_date desc ; ";

$DBHdl is an Informix database handle.

The statement reads as follows:

select c.* 
from meter_category c 
where c.category = 1 
and c.effective_date <= '09/20/2013'
and c.meter_size = 0.63 
order by c.effective_date desc ;

At some point in my function I want to set $current_category to 2 and then modify $sql_statement.

$current_category = 2;
eval $sql_statement

does not change $sql_statement so that c.category = 2.

Is there a way to perform the substitution, or do I have to re-issue the statement?

I prepare and execute the query for each value of $current_category with the following code.

my $ptSelHdl = $DBHdl->prepare($sql_statement);

die("Could not prepare \$sql_statement for meter charge.\n")
 if(!$ptSelHdl || !$ptSelHdl->execute);

Rob*_*arl 10

Use placeholders (the ?s in the statement below) to stand for values that will be supplied when the statement is executed:

my $sql_statement = "select c.* ".
                    "from meter_category c ".
                    "where c.category = ? ".
                    "and c.effective_date <= ? ".
                    "and c.meter_size = ? ".
                    "order by c.effective_date desc ; ";

my $sth = $DBHdl->prepare($sql_statement)
    or die "Could not prepare \$sql_statement for meter charge: " . $DBHdl->errstr;

$sth->execute($current_category, $time_stamp, $meter_size)
    or die "Could not execute \$sql_statement for meter charge: " . $DBHdl->errstr;

You can then execute it multiple times with different parameters, for example:

# Modify $current_category and re-execute the already prepared handle
$current_category = 2;
$sth->execute($current_category, $time_stamp, $meter_size)
    or die "Could not execute \$sql_statement for meter charge: " . $DBHdl->errstr;

Using placeholders is good practice because they also protect you from SQL injection if any of your variables come from untrusted sources: a bound value is always passed as data, never parsed as part of the SQL text.
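The prepare-once, execute-many pattern from the answer, as a complete runnable script added here (it is not code from the question or the answer). It assumes DBD::SQLite with an in-memory database standing in for the Informix one, a constructed meter_category table with a hypothetical rate column and constructed rows, and ISO date strings rather than the 09/20/2013 format used in the question; the handle is named $DBHdl as on the page.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed in-memory SQLite database standing in for the Informix handle.
my $DBHdl = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });

# Constructed table; 'rate' is a hypothetical column for illustration.
$DBHdl->do("create table meter_category (
    category integer, effective_date text, meter_size real, rate real)");

# Constructed sample rows, inserted through placeholders as well.
my $ins = $DBHdl->prepare(
    "insert into meter_category (category, effective_date, meter_size, rate) ".
    "values (?, ?, ?, ?)");
$ins->execute(@$_) for (
    [1, '2013-01-01', 0.63, 10.5],
    [1, '2013-06-01', 0.63, 11.0],
    [2, '2013-03-01', 0.63, 20.0],
    [2, '2013-12-01', 0.63, 21.0],   # later than the time stamp, must be excluded
);

# Prepared once; the three ? placeholders are bound at every execute.
my $sql_statement = "select c.* ".
                    "from meter_category c ".
                    "where c.category = ? ".
                    "and c.effective_date <= ? ".
                    "and c.meter_size = ? ".
                    "order by c.effective_date desc";
my $sth = $DBHdl->prepare($sql_statement)
    or die "Could not prepare \$sql_statement for meter charge: " . $DBHdl->errstr;

# Re-executes the same handle for a category and returns the matching rates,
# newest effective_date first.
sub rates_for {
    my ($current_category, $time_stamp, $meter_size) = @_;
    $sth->execute($current_category, $time_stamp, $meter_size)
        or die "Could not execute \$sql_statement for meter charge: " . $DBHdl->errstr;
    my @rates;
    while (my $row = $sth->fetchrow_hashref) {
        push @rates, $row->{rate};
    }
    return @rates;
}

# Same prepared statement, different category each time.
print "category 1: ", join(", ", rates_for(1, '2013-09-20', 0.63)), "\n";
print "category 2: ", join(", ", rates_for(2, '2013-09-20', 0.63)), "\n";

# A bound value is data, not SQL: a string that would change the meaning of a
# concatenated statement is compared as a literal and matches no category.
my @none = rates_for('1 or 1=1', '2013-09-20', 0.63);
print "untrusted input matched ", scalar(@none), " rows\n";

$DBHdl->disconnect;
```

The first two calls show the point of the answer: $current_category changes between executes, the SQL text never does, and the driver does the quoting. The third call shows why this is also the injection defence the answer mentions: the value reaches the database as a single bound parameter, so the comparison is against the literal string, not against rewritten SQL. With the concatenated statement from the question, the same value would have been spliced into the WHERE clause as SQL text.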