Hi, I'm trying to do an API in Perl6 using Bailador, DBIish and Slang::SQL, but when I try to use
sql select * from user where nom='"$name"'; do -> $row {
"$row".say;
}
instead of
sql select * from user where nom="try"; do -> $row {
"$row".say;
}
it doesn't tell me anything :c (obviously $name == "try"). I searched for hours on the internet but found no answer. I already tried to use only DBIish syntax but it ended with the same result. Can someone help me? :)
The main reason is that you should be using placeholders. The slang doesn't do quoting of that kind, and even if it did you'd be introducing a point of entry for a SQL injection exploit in your code - unless you escaped quotes in the variable.
Instead try:
sql select * from user where nom = ?; with ($name) do -> $row {
$row.say;
}
Good luck with your app. BTW there's a subreddit that'd be interested in your progress https://www.reddit.com/r/perl6
So I tried Matt Oates's answer but it didn't give me anything back (as if it didn't find anything in the DB). But I finally found the syntax that did the job:
my $email = request.params<email>;
my $db = 'SELECT * FROM user WHERE email=?';
my $do = $*DB.prepare($db);
$do.execute($email);
my %row = $do.fetchrow_hashref;
return (%row);
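The placeholder approach from the answers above, as an added example that is not part of any post in the thread. It assumes DBIish with the SQLite driver and an in-memory database; the sample rows and the helper names `interpolated-sql` and `find-by-name` are constructed for illustration.

```raku
use DBIish;

# Constructed sample data in an in-memory SQLite database (assumption: the
# SQLite driver is installed; table and column names follow the thread).
my $dbh = DBIish.connect('SQLite', :database(':memory:'));
$dbh.do('CREATE TABLE user (nom TEXT, email TEXT)');
my $ins = $dbh.prepare('INSERT INTO user (nom, email) VALUES (?, ?)');
$ins.execute('try', 'try@example.com');
$ins.execute("O'Brien", 'obrien@example.com');

# Unsafe pattern, built only as text here: the value becomes part of the SQL.
sub interpolated-sql(Str $name --> Str) {
    "SELECT nom, email FROM user WHERE nom = '{$name}'"
}

# Safe pattern: the statement text is fixed and the value is bound to "?".
sub find-by-name($dbh, Str $name) {
    my $sth = $dbh.prepare('SELECT nom, email FROM user WHERE nom = ?');
    $sth.execute($name);
    return $sth.allrows(:array-of-hash);
}

for 'try', "O'Brien", 'nobody' -> $name {
    # Print what string building would send to the database.
    say "interpolated text: ", interpolated-sql($name);
    # Run the bound query and show how many rows matched.
    my @rows = find-by-name($dbh, $name);
    say "placeholder rows : ", @rows.elems, " ", @rows.map(*<email>).join(', ');
}

$dbh.dispose;
```

For the name containing an apostrophe, the interpolated text has an unbalanced quote, while the bound value is compared as data and matches its row.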