Constructing “on-the-fly” statements
It is also possible to construct “on-the-fly” SQL statements using Perl’s built-in string handling capabilities, which can then be passed to prepare( ). A good example of this functionality can be demonstrated using DBI to integrate databases and web sites.
Suppose you had your megalith database available on the Web for easy online browsing. When a user types in the name of a site, it gets passed into a CGI script in the form of a string. This string is then used in an SQL statement to retrieve the appropriate information on the site from the database.
Therefore, to be able to accomplish this sort of interactivity, you need to be able to custom-build SQL statements, and using Perl’s string handling is one way to do it.[43] The following code illustrates the principle:
### This variable is populated from the online form, somehow...
my $siteNameToQuery = $CGI->param( "SITE_NAME" );
### Take care to correctly quote it for use in an SQL statement
my $siteNameToQuery_quoted = $dbh->quote( $siteNameToQuery );
### Now interpolate the variable into the double-quoted SQL statement
my $sth = $dbh->prepare( "
SELECT meg.name, st.site_type, meg.location, meg.mapref
FROM megaliths meg, site_types st
WHERE name = $siteNameToQuery_quoted
AND meg.site_type_id = st.id
" );
$sth->execute( );
my @row = $sth->fetchrow_array( );
...Furthermore, any part of this query can be constructed on the fly since the SQL statement is, at this stage, simply a Perl string. Another ...
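The following is an added example, not code from the original text. It builds the whole WHERE and ORDER BY clause on the fly. It generalizes the single-value case above: values go through $dbh->quote( ), while column names, which quote( ) cannot protect because it produces string literals, are checked against an allow-list. The build_site_query helper, the cut-down megaliths table, the sample rows, and the use of DBD::SQLite are all assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

### Assumption: DBD::SQLite is installed. The table and rows are constructed
### sample data held in memory, not the book's database.
my $dbh = DBI->connect( "dbi:SQLite:dbname=:memory:", "", "", { RaiseError => 1 } );
$dbh->do( "CREATE TABLE megaliths ( name TEXT, location TEXT, mapref TEXT )" );
$dbh->do( "INSERT INTO megaliths VALUES ( ?, ?, ? )", undef, @$_ )
    for ( [ "Avebury",    "Wiltshire",   "AA 000 000" ],
          [ "King's Men", "Oxfordshire", "BB 000 000" ] );

### Columns a caller may filter or sort on. quote() turns a value into a
### string literal, so it cannot be used to make an identifier safe.
my %ALLOWED = map { $_ => 1 } qw( name location mapref );

### Hypothetical helper: build the statement text from form-style input
sub build_site_query {
    my ( $dbh, $filters, $order_by ) = @_;

    my @where;
    for my $col ( sort keys %$filters ) {
        die "unexpected column '$col'\n" unless $ALLOWED{$col};
        ### Every value is quoted by the driver before interpolation
        push @where, "$col = " . $dbh->quote( $filters->{$col} );
    }

    ### Fall back to a fixed column when the requested one is not allowed
    $order_by = "name" unless defined $order_by && $ALLOWED{$order_by};

    my $sql = "SELECT name, location, mapref FROM megaliths";
    $sql .= " WHERE " . join( " AND ", @where ) if @where;
    return "$sql ORDER BY $order_by";
}

### Constructed inputs: a legitimate name containing an apostrophe, and a
### value with embedded quote characters that must stay inside the literal
for my $input ( "King's Men", "Avebury' OR 'x'='x" ) {
    my $sql  = build_site_query( $dbh, { name => $input }, "mapref" );
    my $rows = $dbh->selectall_arrayref( $sql );
    print "$sql\n  -> ", scalar @$rows, " row(s)\n";
}

$dbh->disconnect;
```

The printed statements show each apostrophe doubled inside the quoted literal, so the whole input is compared as a single site name.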