Got a little problem in my code: the query works fine if I manually put values in, but fails if I use my variable. The code is shown below.

my $get_meter_id = $dbh->prepare("SELECT * from t_readings where meter_serial = '21001652' AND ...");
$get_meter_id->execute() or die "Couldn't execute statement: ".$get_meter_id->errstr;
my $meter_reg_id = $get_meter_id->fetchrow_array();

Above one works

where meter_serial = 21001652 AND ...")

Above one works.

where meter_serial = '".$variable."' AND ...")

Above doesn't work

where meter_serial = ".$variable." AND ...")

Above doesn't work

Many thanks.

+5  A: 

What about:

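# Note the space after "where": without it the two strings join as "wheremeter_serial".
my $get_meter_id = $dbh->prepare("SELECT * from t_readings where " .
     "meter_serial = ? AND ...");
# The value is passed to execute() and bound to the ? placeholder.
$get_meter_id->execute($variable) or die "Couldn't execute statement: " . 
     $get_meter_id->errstr;
# List context: take the first column of the fetched row.
my ($meter_reg_id) = $get_meter_id->fetchrow_array();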

further reading

RC
+6  A: 

Use placeholders. Don't fiddle about with string concatenation.

my $get_meter_id = $dbh->prepare("SELECT * from t_readings where meter_serial=? AND ...");
my $foo = 21001652;
$get_meter_id->execute($foo) or die "Couldn't execute statement: ".$get_meter_id->errstr;
David Dorward
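
The difference between the two approaches, as an added example that is not part of the question or of either answer. It assumes DBD::SQLite is installed; only `t_readings` and `meter_serial` come from the question, while the other columns, the sample rows and the helper names `lookup_interpolated` and `lookup_bound` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database keeps this offline.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });

# Constructed sample data (columns other than meter_serial are made up).
$dbh->do("CREATE TABLE t_readings (id INTEGER PRIMARY KEY, meter_serial TEXT, reading REAL)");
$dbh->do("INSERT INTO t_readings (meter_serial, reading) VALUES (?, ?)", undef, @$_)
    for ['21001652', 10.5], ["AB'77", 3.2];

# Interpolation: the value becomes part of the SQL text, so its content
# (a quote, for instance) changes how the statement is parsed.
sub lookup_interpolated {
    my ($serial) = @_;
    my $sth = $dbh->prepare(
        "SELECT id FROM t_readings WHERE meter_serial = '" . $serial . "'");
    $sth->execute;
    my ($id) = $sth->fetchrow_array;    # list context: first column of the row
    $sth->finish;
    return $id;
}

# Placeholder: the SQL text is fixed and the value is sent as data only.
sub lookup_bound {
    my ($serial) = @_;
    my $sth = $dbh->prepare("SELECT id FROM t_readings WHERE meter_serial = ?");
    $sth->execute($serial);
    my ($id) = $sth->fetchrow_array;
    $sth->finish;
    return $id;
}

# Constructed inputs: a plain serial, one containing a quote, and one with a
# trailing newline (unchomped input). The newline is still data, so neither
# form matches it until the caller chomps the value.
for my $serial ('21001652', "AB'77", "21001652\n") {
    (my $shown = $serial) =~ s/\n/\\n/g;
    my $id     = eval { lookup_interpolated($serial) };
    my $interp = $@ ? "error: " . (split /\n/, $@)[0] : "id=" . ($id // 'none');
    my $bound  = lookup_bound($serial);
    printf "%-12s interpolated: %s | bound: id=%s\n", $shown, $interp, $bound // 'none';
}
```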