Re: WTF
- Subject: Re: WTF
- From: Tony Fraser <..hidden..>
- Date: Mon, 02 Oct 2006 09:50:39 -0700
On Mon, 2006-10-02 at 00:32 -0700, Tony Fraser wrote:
> Well, at least this will execute without errors:
>
> $form->{vc} =~ s/"/""/g;
> $query = qq|
> SELECT SUM(amount - paid)
> FROM $arap
> WHERE "$form->{vc}_id" = ?|;
>
> $sth = $dbh->prepare($query);
> $sth->execute($form->{"$form->{vc}_id"})
> || $form->dberror($query);
>
> ($form->{creditremaining}) -= $sth->fetchrow_array;
There's a subtle bug in the code above (re-quotes $form->{vc} every
run). This works better:
my $vc_id = $dbh->quote_identifier("$form->{vc}_id");
$form->{creditremaining} = $form->{creditlimit};
$query = qq|
SELECT SUM(amount - paid)
FROM $arap
WHERE $vc_id = ?|;
$sth = $dbh->prepare($query);
$sth->execute($form->{"$form->{vc}_id"})
|| $form->dberror($query);
DBI->quote_identifier(...) was added in DBI 1.21, released Feb 2002.
That doesn't seem like an unreasonable prerequisite to me. What does
the list think?
--
Tony Fraser
..hidden..
Sybaspace Internet Solutions System Administrator
phone: (250) 246-5368 fax: (250) 246-5398
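The two points in the thread, the non-idempotent s/"/""/g and the quote_identifier plus bind-parameter version, side by side as a runnable script. This is an added example, not code from the thread or from the project: it assumes DBD::SQLite is installed, uses a constructed "ar" table with made-up rows in place of $arap, and adds an allow-list on $form->{vc} (customer/vendor) that the thread does not mention, so an unexpected prefix never reaches the SQL text at all.

```perl
#!/usr/bin/perl
# Added example (not from the list thread). Assumes DBD::SQLite; the table,
# rows and request hash below are constructed for the demonstration.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect( "dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 } );

# Constructed stand-in for the $arap table used in the thread.
my $arap = "ar";
$dbh->do(qq|CREATE TABLE $arap (customer_id INTEGER, amount NUMERIC, paid NUMERIC)|);
$dbh->do("INSERT INTO $arap VALUES (7, 100, 40), (7, 50, 0), (8, 10, 10)");

# $form->{vc} selects the column prefix; only these two are legitimate.
# This allow-list is an addition beyond the thread.
my %allowed_vc = map { $_ => 1 } qw(customer vendor);

sub outstanding {
    my ($form) = @_;
    die "unexpected vc '$form->{vc}'\n" unless $allowed_vc{ $form->{vc} };

    # Let DBI quote the identifier with the driver's own rules; the
    # request value is not modified, so repeated calls build identical SQL.
    my $vc_id = $dbh->quote_identifier("$form->{vc}_id");
    my $query = qq|SELECT SUM(amount - paid) FROM $arap WHERE $vc_id = ?|;

    my $sth = $dbh->prepare($query);
    # The id itself travels as a bind parameter, never as SQL text.
    $sth->execute( $form->{"$form->{vc}_id"} );
    my ($sum) = $sth->fetchrow_array;
    return ( $query, $sum // 0 );
}

my $form = { vc => 'customer', customer_id => 7 };
my ( $q1, $sum1 ) = outstanding($form);
my ( $q2, $sum2 ) = outstanding($form);
print "query:  $q1\n";
print "sum:    $sum1\n";
print "stable across calls: ", ( $q1 eq $q2 ? "yes" : "no" ), "\n";

# quote_identifier doubles an embedded quote for you, and wraps the name.
print "quoted odd name: ", $dbh->quote_identifier('odd"name'), "\n";

# The in-place substitution from the first message is not idempotent:
# every pass doubles whatever quotes are already there.
my $vc = 'odd"name';
for my $pass ( 1 .. 3 ) {
    $vc =~ s/"/""/g;
    print "after pass $pass: $vc\n";
}

# A prefix outside the allow-list is rejected before any SQL is built.
eval { outstanding( { vc => 'employee', employee_id => 7 } ) };
print "rejected: $@" if $@;
```

Run it with a plain "perl" invocation; no database file is created because the SQLite handle is in-memory. The allow-list is the part that matters most: quote_identifier makes the identifier syntactically safe, but it will happily quote any string, so the decision about which column names are acceptable still has to be made in the code.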