[thelist] SQL statement construction

Tab Alleman talleman at autobex.com
Wed Oct 11 10:21:01 CDT 2000


This may be a bit too obvious, but have you tried printing out $dbh right
before you execute it to see what the whole sql string looks like?

-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of Adrian Fischer
Sent: Wednesday, October 11, 2000 1:03 AM
To: The List
Subject: [thelist] SQL statement construction


Hi Guys 'n Gals,

By no means do I confess to knowing anything about SQL.....

This sub is supposed to access a table, search it until the data in column
usAuthenticate is equal to the data in $form{'CONFIRM'} and return that row
of information.   It returns data but only the first row in the table.  It
doesn't find the WHERE bit...

I have printed out the $form{'CONFIRM'} in the table at the end of the sub
and it is what I would expect so I assume it is being passed to the
statement correctly(?) I have changed it from int($form....) to
sqlEncode($form....) but that doesn't work at all.

I am sure it's very simple.  It just doesn't search through until it finds the
match with the inputted data and the data in the column...

The update part of  the sub works fine...

Can someone point me in the right direction please?

sub update_confirmed {

  my $db = &dbconnect;
  my $dbh=$db->prepare("SELECT
    usNum,usName,UsEmail,usPassword,usFullname,usStreet,usSuburb,usCity,usState,usZip,usPhone,usAuthenticate
    FROM changeConfirm  WHERE  usAuthenticate=" . int($form{'CONFIRM'}));

  $dbh->execute();

  ($usernum,$username,$email,$password,$fullname,$street,$suburb,$city,$state,
   $postcode,$phone,$confirm) = $dbh->fetchrow_array();

  $dbh=$db->do("UPDATE tblUsers SET usEmail='" . sqlEncode($email) .
    "',usPassword='" . sqlEncode($password) .
    "',usFullname='" . sqlEncode($fullname) .
    "',usStreet='" . sqlEncode($street) .
    "',usSuburb='" . sqlEncode($suburb) .
    "',usCity='" . sqlEncode($city) .
    "',usState='" . sqlEncode($state) .
    "',usZip='" . sqlEncode($postcode) .
    "',usPhone='" . sqlEncode($phone) .
    "' WHERE usNum=" . int($usernum));
  &dbdisconnect($db);


print <<"EOF";
<TABLE><TR><TD>$username, your User Details have been successfully
updated.</td></tr></table>

EOF

}

Thanks


Adrian Fischer
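
Added example, not part of either message above: it prints the SQL text that the concatenating prepare() call would send for three CONFIRM values (Perl's int() turns 'k7f3q9' into 0 and '42abc' into 42) next to the same lookup done with a DBI placeholder, where the value is bound unchanged. Assumptions: DBD::SQLite with an in-memory database stands in for the poster's dbconnect, only three of the changeConfirm columns are created, and the rows and CONFIRM values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) replaces the real database.
my $db = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                      { RaiseError => 1, PrintError => 0 });

# Constructed sample rows; table and column names are taken from the post.
$db->do("CREATE TABLE changeConfirm (usNum INTEGER, usName TEXT, usAuthenticate TEXT)");
my $ins = $db->prepare("INSERT INTO changeConfirm VALUES (?, ?, ?)");
$ins->execute(@$_) for ([1, 'alice', '1001'], [2, 'bob', 'k7f3q9'], [3, 'carol', '42abc']);

# Build the statement text the way the sub does and return it, so it can be
# printed before execute() as the reply suggests.
sub concatenated_sql {
    my ($confirm) = @_;
    no warnings 'numeric';    # int() on non-numeric text warns under "use warnings"
    return "SELECT usNum,usName FROM changeConfirm WHERE usAuthenticate=" . int($confirm);
}

# Same lookup with a placeholder: the SQL text is constant and the driver
# binds the value, so neither int() nor a quoting helper touches it.
sub lookup_bound {
    my ($confirm) = @_;
    my $sth = $db->prepare(
        "SELECT usNum,usName FROM changeConfirm WHERE usAuthenticate = ?");
    $sth->execute($confirm);
    my @row = $sth->fetchrow_array;
    $sth->finish;
    return @row;
}

for my $confirm ('1001', 'k7f3q9', '42abc') {
    my @row = lookup_bound($confirm);
    print "CONFIRM = '$confirm'\n";
    print "  concatenated: ", concatenated_sql($confirm), "\n";
    print "  bound lookup: ", (@row ? "usNum=$row[0] usName=$row[1]" : "no row"), "\n";
}

$db->disconnect;
```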


