LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 11-19-2008, 09:16 AM   #1
resetreset
Senior Member
 
Registered: Mar 2008
Location: India
Distribution: Dynebolic, Ubuntu 10.10
Posts: 1,320

Rep: Reputation: 51
Perl: Want to compare CGI input with data from a MySQL table


Hello,
I have this program:
#! /usr/bin/perl

use DBI ;
use strict ;


use CGI ;
my ($cgi) = new CGI ;


my (@param) = $cgi->param("firstname","lastname","type") ;

my ($dsn)="DBI:mysql:dr:localhost";
my ($user_name) = "fubar" ;
my ($password) = "secret" ;
my ($dbh,$sth) ;
my (@ary) ;


$dbh = DBI->connect ($dsn, $user_name, $password, { RaiseError => 1 });

$sth=$dbh->prepare ("SELECT firstname,lastname,type FROM dts WHERE firstname LIKE $param[0] AND lastname LIKE $param[1] and type LIKE $param[2]" );

$sth->execute ();


and I get this error simply running the program from the command line:

DBD::mysql::st execute failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 at ./submit.cgi line 24.



My question is: is this the right syntax to use, both, for this line:

my (@param) = $cgi->param("firstname","lastname","type") ;


as well as this one:

$sth=$dbh->prepare ("SELECT firstname,lastname,type FROM dts WHERE firstname LIKE $param[0] AND lastname LIKE $param[1] and type LIKE $param[2]" );

or should there be quotes around the $param[0] or something? (also is it $param[0] or $param(0)?)



Thanks.
 
Old 11-20-2008, 06:58 AM   #2
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
Check your syntax

Right off, I notice that you aren't quoting strings:

Code:
$sth=$dbh->prepare (qq{SELECT firstname,lastname,type FROM dts 
                       WHERE firstname LIKE "$param[0]" AND 
                             lastname LIKE "$param[1]" AND 
                             type LIKE "$param[2]"} );
You're also using LIKE with no variable (% is wildcard)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Building a table to display from user input: PHP, MySQL deesto Programming 11 06-11-2008 05:25 PM
[Perl] cgi.pm - save input in .html file noir911 Programming 2 01-07-2007 02:36 PM
perl CGI + dynamic table generation kurrupt Programming 8 09-27-2006 10:25 PM
/perl/php/cgi/mysql dramous Linux - Newbie 0 10-08-2004 05:11 PM
retriving mysql data, and placing it inside a table in html using perl rhuser Programming 1 03-12-2003 05:04 AM


All times are GMT -5. The time now is 05:25 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration