Re^7: DBI parameterized database query with comma separated list
by Pope-O-Matik (Pilgrim) on Dec 22, 2015 at 04:44 UTC ( [id://1150928]=note )
Please review the possible outputs listed

Actually, on second look, that's not bad. You're generating placeholders and then passing the values. For an IN() list (as opposed to one that dynamically specifies columns) that ought to work from a security standpoint.

That being said, the second issue is query caching, which cannot be done when the statement changes at all. In that case, letting the RDBMS do it may have a (light) performance benefit if the query is executed more than once.
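The two points in the reply above, as an added example that is not code from the thread or its posters: placeholders generated per list element keep the values out of the SQL text, while the statement text (and so the cached handle) still varies with the number of elements. It assumes DBD::SQLite is installed; the `users` table, its rows and the `names_in` helper are hypothetical.

```perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database (assumes DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->do('INSERT INTO users (id, name) VALUES (?, ?)', undef, @$_)
    for [1, 'alice'], [2, 'bob'], [3, 'carol'];

# Hypothetical helper: one "?" per value, so only the placeholder count
# (never the values) shapes the SQL text.
sub names_in {
    my ($dbh, @names) = @_;
    return [] unless @names;    # "IN ()" is a syntax error: no values, no rows
    my $sql = 'SELECT name FROM users WHERE name IN ('
            . join(',', ('?') x @names) . ') ORDER BY id';
    my $sth = $dbh->prepare_cached($sql);    # cache key includes the SQL text
    return $dbh->selectcol_arrayref($sth, undef, @names);
}

# Constructed inputs: comma-separated lists as they might arrive from a form.
my @inputs = (
    'alice,bob',
    "alice,bob' OR '1'='1",     # hostile element is bound as one literal name
    'alice,bob,carol',          # third placeholder => different statement text
    'carol,alice',              # same count as the first => cached handle reused
);
for my $input (@inputs) {
    my $rows = names_in($dbh, split /,/, $input);
    printf "%-24s -> [%s]\n", $input, join(', ', @$rows);
}

# One cached handle per distinct placeholder count seen so far.
printf "cached statements: %d\n", scalar keys %{ $dbh->{CachedKids} };
```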