How to pass variable value to a sql query

Hi,
    How can I pass a variable to a SQL query like

    rs = dbh.prepare("select * from status_check where id=204")
    rs.execute

Instead of giving the value of id, I want to make it dynamic, where I can
pass the dynamic value of id fetched from the database, much like in PL/SQL.
How to do this? Anybody help!!


--
Posted via http://www.ruby-forum.com/.

Look up "placeholders". A Google search yielded: http://www.kitebird.com/articles/ruby-dbi.html#TOC_8

David Morton
Maia Mailguard http://www.maiamailguard.com
mortonda@dgrmm.net


On Jan 1, 2008, at 9:45 PM, Pradeepta Swain wrote:


Pradeepta Swain wrote:

Hi,
    How can I pass a variable to a SQL query like

    rs = dbh.prepare("select * from status_check where id=204")
    rs.execute

Instead of giving the value of id, I want to make it dynamic, where I can
pass the dynamic value of id fetched from the database, much like in PL/SQL.
How to do this? Anybody help!!

rs = dbh.prepare("select * from status_check where id=#{value}")
rs.execute


--
Posted via http://www.ruby-forum.com/.

NO! This is a security risk.

This opens you up to SQL injection attacks. You should always use placeholders so the library can properly escape your input. See my other message for a link on how to use placeholders.

David Morton
Maia Mailguard http://www.maiamailguard.com
mortonda@dgrmm.net


On Jan 2, 2008, at 1:01 AM, Karthi kn wrote:

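To make David's warning concrete, here is an added example (not code from the thread) that contrasts the interpolated query from Karthi's reply with the placeholder form Ruby DBI expects (`dbh.prepare("... where id = ?")` followed by `sth.execute(value)`). It needs no database: `bind_params` and `coerce_id` are hypothetical stand-ins for the driver's escaping and for an input check, and the hostile input is constructed.

```ruby
# Added example, not from the thread: interpolation vs. placeholders.
# No database connection is needed; the functions return the SQL text
# and bound parameters so the difference in structure is visible.

# Unsafe: the value is spliced into the SQL text and can change its meaning.
def interpolated_query(value)
  "select * from status_check where id=#{value}"
end

# Safe: the SQL text is fixed; the value travels separately as a bound
# parameter. With Ruby DBI this is what
#   sth = dbh.prepare(sql); sth.execute(value)
# sends to the driver.
def placeholder_query(value)
  sql = "select * from status_check where id = ?"
  [sql, [value]]
end

# Defender-side check: an id must be a whole number before it is used
# anywhere. Integer() raises on "204 or 1=1", so hostile input is rejected.
def coerce_id(value)
  Integer(value)
rescue ArgumentError, TypeError
  nil
end

# Hypothetical stand-in for the driver's own parameter binding: integers
# pass through, strings are quoted with embedded quotes doubled. It only
# illustrates that a bound value can never alter the statement structure.
def bind_params(sql, params)
  params.each do |p|
    literal = p.is_a?(Integer) ? p.to_s : "'" + p.to_s.gsub("'", "''") + "'"
    sql = sql.sub("?") { literal }
  end
  sql
end

if __FILE__ == $PROGRAM_NAME
  hostile = "204 or 1=1"          # constructed sample input
  puts interpolated_query(hostile)             # where clause becomes "id=204 or 1=1"
  puts bind_params(*placeholder_query(hostile)) # value stays a single quoted literal
  p coerce_id(hostile)                         # nil: rejected before any query
  p coerce_id("204")                           # 204
end
```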