0

I have a query, and I want to insert a ternary operator into the WHERE clause, like this:

WHERE 

 $self->is_defined? 'some_column = $self->defined' : 'some_other_column = $self->defined_some'
 AND blah blah blah
 AND blah blah blah

Something like that. How do I do it?

So far my code looks like this, and it doesn't work:

"SELECT blah blah blah

    WHERE 
     "$self->is_defined ? 'o.project_id = "$self->project_id"' : 'o.brand_id = "$self->brand_id"'"

1 Answer

0

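First of all, method calls are not interpolated inside double quotes, let alone inside single quotes.

You should use placeholders when creating SQL to avoid SQL injection: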

my $sql = "SELECT * from ... WHERE ";

my ($cond, $val) = $self->is_defined 
  ? ("some_column = ?", $self->defined)
  : ("some_other_column = ?", $self->defined_some);

# constructing final sql..
$sql .= $cond;

my $st = $db_handle->prepare($sql) or die $db_handle->errstr;
$st->execute($val) or die $st->errstr;
Answered 2013-10-25T06:29:41.203
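The placeholder approach from the answer above, carried through as a self-contained script with the extra `AND` condition from the question; this is an added example, not part of the original question or answer. The `orders` table, its rows and the `find_orders` helper are constructed for illustration, and it assumes DBD::SQLite is installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed in-memory database (assumption: DBD::SQLite is available).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE orders (id INTEGER, project_id TEXT, brand_id TEXT, status TEXT)");

# Constructed sample rows.
my $ins = $dbh->prepare("INSERT INTO orders VALUES (?, ?, ?, ?)");
$ins->execute(@$_) for (
    [1, 'p1', 'b1', 'open'],
    [2, 'p1', 'b2', 'closed'],
    [3, 'p2', 'b1', 'open'],
);

# Hypothetical helper: the ternary picks a condition fragment that is a
# fixed literal in the code; every caller-supplied value goes through a
# placeholder and is never concatenated into the SQL text.
sub find_orders {
    my ($dbh, %arg) = @_;
    my ($cond, $val) = defined $arg{project_id}
        ? ("o.project_id = ?", $arg{project_id})
        : ("o.brand_id = ?",   $arg{brand_id});

    # Only $cond (a code literal) is interpolated into the statement.
    my $sql = "SELECT o.id FROM orders o WHERE $cond AND o.status = ? ORDER BY o.id";

    # Bind values are passed in the same order as the placeholders.
    my $ids = $dbh->selectcol_arrayref($sql, undef, $val, $arg{status});
    return @$ids;
}

# Filter by project, then by brand.
print "by project: ", join(",", find_orders($dbh, project_id => 'p1', status => 'open')), "\n";
print "by brand:   ", join(",", find_orders($dbh, brand_id   => 'b1', status => 'open')), "\n";

# A value containing quote characters is compared as a plain string.
my @rows = find_orders($dbh, project_id => "p1' OR '1'='1", status => 'open');
print "quoted value matched ", scalar(@rows), " row(s)\n";
```

The last call matches no rows: the bound value is compared against `project_id` as a literal string, so the quotes inside it never reach the SQL parser.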