note tye <blockquote><i> I never use quote myself. </i></blockquote><p> Actually, quote() is the more general solution. I've run into quite a few different problems trying to use placeholders. And I've never noticed any performance problem with my failure to re-use prepared queries. I've actually had more problems due to people being too aggressive about trying to re-use prepared queries such as using prepare_cached() way too much. </p><p> A significant fraction (perhaps a majority) of the environments where I've done significant DBI work were such that placeholders had no performance impact <em>at all</em>. For example, the default with [mod://DBD::mysql] seems to still be to not do server-side prepares. </p><p> At more than one recent employer I've experienced upgrading [mod://DBD::Pg] such that prepares started happening server-side and then having to disable server-side prepares due to more than one resulting problem (the query planner got significantly stupider in a few important cases, it was incompatible with PgBouncer or other middle-layer tools, and other problems). </p><p> We had some breakage at PerlMonks because "limit ?" worked fine on older versions of DBD::mysql but then stopped working after some ugprade. </p><p> And I've had significant problems with placeholders when using DBD::ODBC. The first batch of problems were around certain data type checking such that "where somedate = '2011-01-01'" is no problem but "where somedate = ?" plus passing '2011-01-01' to execute() gave some "type mismatch" error. </p><p> The scariest problem was using DBD::ODBC and having "where somedate between cast(? as datetime) and cast(? as datetime)" work without emitting any errors or warnings but then returning <em>the wrong data</em>. But, of course: </p><c> join ' ', ... "where somedate between", $dbh->quote($start), "and", $dbh->quote($end), </c><p> worked exactly as expected (whether "cast( ... as datetime)" was included or not). </p><p> So, I like being able to use placeholders. But way too often that actually requires being able to disable server-side prepares which then just boils down to $dbh->quote() except that the DBD module is doing that call for you (and thus removes your claimed advantage). </p><p> Actually, the majority of my experience using [mod://DBI] is via some wrapper (quite a few different ones, some extremely thin, some only moderately thin) that takes my column names and column values and assembles at least some of the SQL for me. </p> <div class="pmsig"><div class="pmsig-22609"><p align="right"> - [tye]<tt> &nbsp; &nbsp; &nbsp; &nbsp;</tt> </p></div></div> 907815 907835