Perl: Want to compare CGI input with data from a MySQL table
Hello,
I have this program:
#! /usr/bin/perl
use DBI ;
use strict ;
use CGI ;
my ($cgi) = new CGI ;
my (@param) = $cgi->param("firstname","lastname","type") ;
my ($dsn)="DBI:mysql:dr:localhost";
my ($user_name) = "fubar" ;
my ($password) = "secret" ;
my ($dbh,$sth) ;
my (@ary) ;
$dbh = DBI->connect ($dsn, $user_name, $password, { RaiseError => 1 });
$sth=$dbh->prepare ("SELECT firstname,lastname,type FROM dts WHERE firstname LIKE $param[0] AND lastname LIKE $param[1] and type LIKE $param[2]" );
$sth->execute ();
and I get this error simply running the program from the command line:
DBD::mysql::st execute failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 at ./submit.cgi line 24.
My question is: is this the right syntax to use, both, for this line:
my (@param) = $cgi->param("firstname","lastname","type") ;
as well as this one:
$sth=$dbh->prepare ("SELECT firstname,lastname,type FROM dts WHERE firstname LIKE $param[0] AND lastname LIKE $param[1] and type LIKE $param[2]" );
or should there be quotes around the $param[0] or something? (also is it $param[0] or $param(0)?)
Thanks.
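The query from the post rewritten with DBI placeholders, as an added example that is not part of the original post. The sample input passed to `CGI->new` is constructed, the `like_literal` helper is hypothetical, and the DSN, credentials and table name are the ones shown in the post.

```perl
#!/usr/bin/perl
# Added example: placeholder version of the query from the post.
use strict;
use warnings;
use CGI;
use DBI;

# Constructed sample input so the script also runs from the command line;
# under a web server use CGI->new with no arguments.
my $cgi = CGI->new({ firstname => "Pat", lastname => "O'Brien", type => "a%" });

# Fetch each field with its own param() call. Called with several arguments,
# param() assigns values to the first name instead of reading three fields.
my @fields = qw(firstname lastname type);
my @param  = map { scalar $cgi->param($_) } @fields;

# Reject a request that is missing a field instead of sending undef to SQL.
for my $i (0 .. $#fields) {
    die "missing parameter: $fields[$i]\n"
        unless defined $param[$i] && length $param[$i];
}

# Hypothetical helper: make % and _ in user input match literally under LIKE
# (backslash is MySQL's default LIKE escape character).
sub like_literal {
    my ($value) = @_;
    $value =~ s/([\\%_])/\\$1/g;
    return $value;
}

# Connection values are the ones shown in the post.
my $dbh = DBI->connect("DBI:mysql:dr:localhost", "fubar", "secret",
                       { RaiseError => 1, PrintError => 0 });

# One ? per value: the driver quotes each bound value, so the apostrophe in
# O'Brien is data and cannot end the string or add SQL.
my $sth = $dbh->prepare(
    "SELECT firstname, lastname, type FROM dts
      WHERE firstname LIKE ? AND lastname LIKE ? AND type LIKE ?"
);
$sth->execute(map { like_literal($_) } @param);

while (my @ary = $sth->fetchrow_array) {
    print join("\t", @ary), "\n";
}
$sth->finish;
$dbh->disconnect;
```

Drop the `like_literal` call if the form is meant to accept `%` and `_` as wildcards typed by the user; the placeholders alone keep the input out of the SQL text.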