Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Select (cRud) Using Perl and DBD::ORACLE

DZone's Guide to

Select (cRud) Using Perl and DBD::ORACLE

In this post, we’re going to take a look at the R in CRUD: Retrieve. This article focuses on utilizing Perl in your database to query and retrieve data.

· Database Zone
Free Resource

Whether you work in SQL Server Management Studio or Visual Studio, Redgate tools integrate with your existing infrastructure, enabling you to align DevOps for your applications with DevOps for your SQL Server databases. Discover true Database DevOps, brought to you in partnership with Redgate.

In this post, we’re going to take a look at the R in CRUD: Retrieve.

We will be using the DBD::Oracle driver to retrieve some data from the database tables, using the connection object created in the Initial Setup section of the first post in this series.

Simple Query

We will perform a simple query that pulls all of the records in no particular order. Here are the steps we’ll follow in the code snippet below.

  1. Create the connection object and set it to raise errors.  We will use this object to perform our database operations.
  2. Prepare the SQL SELECT statement, specifying the columns desired from the table.
  3. Execute the statement.
  4. Fetch the results and dump them to $fh.
  5. Disconnect.
# Query all rows
my $con = DBI->connect( 'dbi:Oracle:', $connectString, '');
$con->{RaiseError} = 1; # set the connection to raise errors

my $sth = $con->prepare("select id, name, age, notes from lcs_people");
$sth->execute;
DBI::dump_results($sth);

$con->disconnect;

When I run this code in my Perl session, I see:


'1', 'Bob', '35', 'I like dogs'
'2', 'Kim', '27', 'I like birds'
2 rows

Extra Fun 1

Modify the statement to order by age.  When you’re done the results should be:

'2', 'Kim', '27', 'I like birds'
'1', 'Bob', '35', 'I like dogs'
2 rows


'2', 'Kim', '27', 'I like birds'
'1', 'Bob', '35', 'I like dogs'
2 rows


Answer:

my $con = DBI->connect( 'dbi:Oracle:', $connectString, '');
$con->{RaiseError} = 1; # set the connection to raise errors

my $sth = $con->prepare("select id, name, age, notes from lcs_people order by age");
$sth->execute;
DBI::dump_results($sth);


Select Specific Rows

Now suppose I only want to see the data for Kim. I want, therefore, to restrict the rows returned by the SELECT. This is done with a WHERE clause. There are several ways to do this.

We could just put the where clause in the statement and it would work.

my $sth = $con->prepare("select id, name, age, notes from lcs_people where name = 'Kim'");

However, we want to choose the name at runtime and store it in a variable called person_name. You could accept the value in as an argument passed into a function, but we’ll just set a variable to keep it simple.

my $person_name = 'Kim';

It is possible to simply concatenate the value into the statement.

my $sth = $con->prepare("select id, name, age, notes from lcs_people where name= '${person_name}'");

This is very dangerous and opens our code to a SQL Injection attack. You can follow that link for more information, but we won’t be going into detail in this series. Just know that you should, generally, never allow end user input to be fed directly into a dynamic SQL statement.

A much safer way to pass external values into the SQL statement is by using bind variables with prepared statements.

You have a couple different options:

Placeholders

my $sth = $con->prepare("select id, name, age, notes from lcs_people where name = ? and age = ?");
$sth->bind_param(1,'Bob');
$sth->bind_param(2, 35);

my $sth = $con->prepare("select id, name, age, notes from lcs_people where name = ? and age = ?");
$sth->bind_param(2, 35);
$sth->bind_param(1,'Bob');

Notice the bind_param(1,  and bind_param(2, are switched in the two examples.  With a placeholders statement, you use a ? to indicate where the bind variable value goes, then when you assign the bind_param you indicate which placeholder to assign the value to.

Named

my $sth = $con->prepare("select id, name, age, notes from lcs_people where name = :name and age = :age");
$sth->bind_param( ":name",'Bob');
$sth->bind_param( ":age", 35);

my $sth = $con->prepare("select id, name, age, notes from lcs_people where name = :name and age = :age");
$sth->bind_param( ":age", 35);
$sth->bind_param( ":name",'Bob');

With this method, the :name variable will be assigned the value of ‘name’ in the provided key value set.

Notice, in both examples, that we do not wrap the bind variable for the name with quotes. This is handled automatically when the statement is prepared for execution.

Example:

  1. Create the connection object and set it to raise errors.
  2. Assign ‘Kim’ to person_name.
  3. Prepare the SQL statement using a bind variable.
  4. Bind the value of $person_name to :name.
  5. Execute the statement.
  6. Fetch the results and dump them to $fh.
  7. Disconnect.
# Query for Kim
my $con = DBI->connect( 'dbi:Oracle:', $connectString, '');
$con->{RaiseError} = 1; # set the connection to raise errors

my $person_name = 'Kim';
my $sth = $con->prepare("select id, name, age, notes from lcs_people where name=:name ");
$sth->bind_param( ":name",$person_name);

$sth->execute;
DBI::dump_results($sth);

This will return only the data for Kim:


'2', 'Kim', '27', 'I like birds'
1 rows

Extra Fun 2

Modify the statement and variable to get the people older than 30.  When you’re done the results should be:


'1', 'Bob', '35', 'I like dogs'
1 rows


Answer:

my $con = DBI->connect( 'dbi:Oracle:', $connectString, '');
$con->{RaiseError} = 1; # set the connection to raise errors

my $person_age = 30;
my $sth = $con->prepare("select id, name, age, notes from lcs_people where age > :age ");
$sth->bind_param( ":age",$person_age);

$sth->execute;
DBI::dump_results($sth);

In this section, we took a look at some basic query functionality.  When you experiment with more complex queries, if you run into problems leave a comment here or on twitter and we’ll find an answer together.

Some things you could try

  • Join the lcs_people and lcs_pets table to get the people and their pets.
  • Only retrieve the person’s name and age.
  • Change the order to display in descending order.

Hint: If you have trouble getting a query to run in your code, try running it in SQL Plus or another database console tool. This will help determine if the problem is with the query or the code.

It’s easier than you think to extend DevOps practices to SQL Server with Redgate tools. Discover how to introduce true Database DevOps, brought to you in partnership with Redgate

Topics:
oracle ,perl ,crud ,database

Published at DZone with permission of Blaine Carter. See the original article here.

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}