mysql - How to Bind value of table name in perl? -
here trying bind table name particular query:
$sth = $dbh->prepare("select id ? service_id = ?"); and execute statement:
$sth->execute($table_name,$service_id); it gives sql error, why so?
is there way can bind table name particular query?
you can utilize query parameters in place of literal value in sql expression.
i.e., in place utilize quoted string literal or quoted date literal or number.
parameters cannot used table names, column names, lists of values (like in clause), sql keywords, or sql expressions.
to create name of table dynamic, have interpolate sql query string before prepare it:
my $table_name_lit = $dbh->quote_identifier($table_name); $sth = $dbh->prepare("select id $table_name_lit service_id = ?"); $sth->execute($service_id); take care $table_name doesn't contain untrusted content. best way compare $table_name list of known table names. in other words, utilize fixed list of tables whitelist. if $table_name doesn't match of table names, utilize default table name.
mysql perl
No comments:
Post a Comment