CODEWITHSUNDEEP
mysqlperl
anaconda_wly
anaconda_wly

Reputation: 159

Perl DBD fetchrow_array error:

I got some strange error when reading MySQL, my code is something like this:

my $sql = <<"sqleof";
select t1.name t1_name, t2.name t2_name from t2
    inner join t1 using(Id)
    where t2.Id in (select Id from t3 where t3Id='$id') 
sqleof
#here $dbh had connected correctly and done some query before this; $sql can execute pretty well on MySQL command line and return me some records.
my $execute = $dbh->prepare($sql);
$execute->execute or die "Error: $DBI::errstr\n";
my @client = $execute->fetchrow_array() or die "Error: $DBI::errstr\n";
#here I got error saying: DBD::ODBC::st fetchrow_array failed:     Unable to fetch information about the error

What's the problem?

Hi, all, sorry to bother you. I had found the reason. It's a low level miss, as I had used multiple $dbh and I make a mistake of the execute name.

    my $execute_A = $dbh->prepare($sql);
$execute_A->execute or die "Error: $DBI::errstr\n";
my @client = $execute_B->fetchrow_array()  #$execute_B here when I copied lines and modified.

Your helps are of much importance to me. Thank you all.

Upvotes: 1

Views: 1353

Answers (3)

mpapec
mpapec

Reputation: 50647

Replace 

my @client = $execute->fetchrow_array() or die "Error: $DBI::errstr\n";

with

my @client = $execute->fetchrow_array();

You're fetching empty array and this is not suitable for error checking as ..or die .. suggests.

.. or die .. makes sense only for prepare and execute methods.

Side note, you're also lacking proper error checking:

my $execute = $dbh->prepare($sql) or die $dbh->errstr; # not $DBI::errstr
$execute->execute or die $execute->errstr;             # not $DBI::errstr

also, use sql placeholders to prevent sql injection.

Upvotes: 2

Guntram Blohm
Guntram Blohm

Reputation: 9819

It seems to me that the execute causes your mysql server to crash. This is the only reason i can think of that would explain the "unable to fetch information about the error". If you're using safe_mysqld, you might not even notice since it gets restarted automatically.

If that is on a web site, and you get this error once in a while, then someone is trying to hack you by putting stuff like 3' or 'a'='a in your form (try what happens if you replace id with this string in your question). If they get the format wrong, the server might try to execute anything. To prevent this kind of SQL Injection attack, rewrite your query to

my $sql = <<"sqleof";
select t1.name t1_name, t2.name t2_name from t2
    inner join t1 using(Id)
    where t2.Id in (select Id from t3 where t3Id=?) 
sqleof

and call $execute->execute($id).

Upvotes: 0

nick_v1
nick_v1

Reputation: 1664

Try changing the variable $id in your sql query to ? and then pass the variable through execute. Like $execute->execute($id)

Upvotes: 0

Related Questions