Ron Savage wrote:
(This Perl is from my Database.pm):
# -----------------------------------------------
sub find_entity_via_keystrokes
{
    my($self, $prefix) = @_;
    my($sql) = "select entity_id, entity_name from entity where entity_name_key like lower('$prefix%') order by entity_name";
    my($result) = $$self{'_dbh'} -> selectcol_arrayref($sql, {Columns => [1, 2]});

I do hope you're in a tightly controlled environment, or that you're properly untainting and detoxifying $prefix. I'd suggest using placeholders instead of using variables directly in sql strings.
Isn't your "like" case-insensitive? I guess that might depend on the database engine.
Anyway, just my 2 øre. The technique is interesting though.
Rhesa
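
The placeholder approach suggested above, as an added example that is not code from either poster or from Database.pm. It assumes DBD::SQLite is installed and uses an in-memory database; the table layout, the sample rows, the '!' escape character and the helper name find_entity_by_prefix are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database stands in
# for the real one. The table layout is guessed from the quoted query.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    {RaiseError => 1, PrintError => 0});

$dbh->do('create table entity (entity_id integer primary key, '
       . 'entity_name text, entity_name_key text)');

# Constructed sample rows.
my $ins = $dbh->prepare(
    'insert into entity (entity_name, entity_name_key) values (?, ?)');
$ins->execute($_, lc $_) for ("O'Brien", 'Oban', 'Perth', '100% Wool');

# Hypothetical helper: same query as the quoted sub, but $prefix is bound
# as a value and never becomes part of the SQL text.
sub find_entity_by_prefix
{
    my($dbh, $prefix) = @_;

    # Make LIKE wildcards in user input literal; '!' is the escape character.
    (my $escaped = $prefix) =~ s/([!%_])/!$1/g;

    my($sql) = q{select entity_id, entity_name from entity }
             . q{where entity_name_key like lower(?) escape '!' }
             . q{order by entity_name};

    # Returns a flat list: id, name, id, name, ...
    return $dbh->selectcol_arrayref($sql, {Columns => [1, 2]}, "$escaped%");
}

# Constructed inputs: a plain prefix, one with a quote, and two with '%'.
for my $prefix ('o', "o'b", '%', '100%')
{
    my $result = find_entity_by_prefix($dbh, $prefix);
    my @names;
    for (my $i = 1; $i < @$result; $i += 2) { push @names, $$result[$i]; }
    printf "%-6s => %s\n", "[$prefix]", @names ? join(', ', @names) : '(no match)';
}

$dbh->disconnect;
```

A prefix containing a quote is matched as ordinary data, and a bare % no longer matches every row because the wildcard is escaped before the trailing % is appended.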