how to pass variable value to a sql query

  • Thread starter Pradeepta Swain
  • Start date
P

Pradeepta Swain

Hi,
How can i pass a variable to a sql query like

rs = dbh.prepare("select *from status_check where id=204")
rs.execute

Instead of giving the value of id I want to make it dynamic ,where I can
pass the dynamic value of id fetched from database much like in PL/SQL .
How to do this .Anybody help !!
 
D

David Morton

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
How can i pass a variable to a sql query like

rs = dbh.prepare("select *from status_check where id=204")
rs.execute

Instead of giving the value of id I want to make it dynamic ,where I
can
pass the dynamic value of id fetched from database much like in PL/
SQL .
How to do this .Anybody help !!
Click to expand...

look up "placeholders". A google search yielded: http://www.kitebird.com/articles/ruby-dbi.html#TOC_8


David Morton
Maia Mailguard http://www.maiamailguard.com
(e-mail address removed)



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFHew7gUy30ODPkzl0RAsIKAJ4kBWKmfTmF0k083dj2yAIK+4ZsrgCeOHWV
iqgUQG+oXnKiR0ZBH8NyEHQ=
=eXia
-----END PGP SIGNATURE-----
 
K

Karthi kn

Pradeepta said:
Hi,
How can i pass a variable to a sql query like

rs = dbh.prepare("select *from status_check where id=204")
rs.execute

Instead of giving the value of id I want to make it dynamic ,where I can
pass the dynamic value of id fetched from database much like in PL/SQL .
How to do this .Anybody help !!
Click to expand...

rs = dbh.prepare("select *from status_check where id=#{value}")
rs.execute
 
D

David Morton

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


rs = dbh.prepare("select *from status_check where id=#{value}")
rs.execute
Click to expand...

NO! This is a security risk.

This opens you up to sql injection attacks. You should always use
placeholders so the library can properly escape your input. See my
other message for a link on how to use placeholders.

David Morton
Maia Mailguard http://www.maiamailguard.com
(e-mail address removed)



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFHezjOUy30ODPkzl0RAtFmAJ4qoogCOpMZk+gWRbwGUL08OtTzKwCgiQm6
HWDyvWfx2dhMYYvHKbme4ZA=
=2tT+
-----END PGP SIGNATURE-----
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to extract all values except the last value in a string separated by comma in sql 2
Is there a way to pass this state from component to the fetch? 1
How can I calculate the last payment of the year to be the sum of all previous payments for that year and subtracting it from Research Costs value? 7
How to write an advanced search? 3
How to display input options only after selecting an option from the 'select class' tag JS? 6
How to store data from a sign up form on a website into an sql databse 1
How to fetch database row and display in Qlabels with QcomboBox selected value in PyQt5 8
Run SQL commands through Notepad++ 1

Members online

No members online now.
Total: 35 (members: 0, guests: 35)
Robots: 347

Forum statistics

Threads
473,769
Messages
2,569,582
Members
45,070
Latest member
BiogenixGummies

Latest Threads

Top