Perl: Want to compare CGI input with data from a MySQL table
Hello,
I have this program: #! /usr/bin/perl use DBI ; use strict ; use CGI ; my ($cgi) = new CGI ; my (@param) = $cgi->param("firstname","lastname","type") ; my ($dsn)="DBI:mysql:dr:localhost"; my ($user_name) = "fubar" ; my ($password) = "secret" ; my ($dbh,$sth) ; my (@ary) ; $dbh = DBI->connect ($dsn, $user_name, $password, { RaiseError => 1 }); $sth=$dbh->prepare ("SELECT firstname,lastname,type FROM dts WHERE firstname LIKE $param[0] AND lastname LIKE $param[1] and type LIKE $param[2]" ); $sth->execute (); and I get this error simply running the program from the command line: DBD::mysql::st execute failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 at ./submit.cgi line 24. My question is: is this the right syntax to use, both, for this line: my (@param) = $cgi->param("firstname","lastname","type") ; as well as this one: $sth=$dbh->prepare ("SELECT firstname,lastname,type FROM dts WHERE firstname LIKE $param[0] AND lastname LIKE $param[1] and type LIKE $param[2]" ); or should there be quotes around the $param[0] or something? (also is it $param[0] or $param(0)?) Thanks. |
Check your syntax
Right off, I notice that you aren't quoting strings:
Code:
$sth=$dbh->prepare (qq{SELECT firstname,lastname,type FROM dts |
All times are GMT -5. The time now is 10:20 PM. |