Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Re: SQL Quoting

by Masem (Monsignor)
on Jan 28, 2002 at 19:07 UTC ( #142064=note: print w/replies, xml ) Need Help??


in reply to SQL Quoting

Are you using DBI? If so, you should use placeholders to specify what gets put into the DB. Before being added, all questionable characters, including single and double quotes, are appropriate escaped to avoid problems.
use DBI; my $dbh = DBI->connect( ... ); my $sth = $dbh->prepare( "INSERT INTO table VALUES ( ?, ?, ? )" ) or d +ie $DBI->errstr; $sth->execute( $name, $address, $comment ) or die $DBI->errstr;
In the case above, the SQL that will be processed is:
INSERT INTO table VALUES ( $name, $address, $comment )
But with $name, $address, and $comment appropriate escaped to avoid problems with quoted characters.

-----------------------------------------------------
Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain
"I can see my house from here!"
It's not what you know, but knowing how to find it if you don't know that's important

Replies are listed 'Best First'.
Re: Re: SQL Quoting
by Matts (Deacon) on Jan 28, 2002 at 22:24 UTC
    And the biggest bonus of all: Most modern DB's will cache the statement handle for you so that you can use the same SQL again and again, and it won't have to go through the SQL parsing overhead (not that there's much overhead, but it's still a bonus). Plus you can use $dbh->prepare_cached() if the underlying database doesn't do that for you.

    In summary, always use placeholders. There's simply no reason not to.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://142064]
help
Chatterbox?
[karlgoethebier]: They took Unix from some aliens
[marioroy]: Perl is so powerful that it can poll 40 metrics from 20 million devices in 40 minutes using 4 nodes only.
[karlgoethebier]: http://www. uncoveror.com/ aliens.htm
[Lady_Aleena]: marioroy, I can't decide whether or not to move my RolePlaying:: Random:: modules to just Random::. I'm not as sophisticated as most here.
[marioroy]: Naming things can be difficult, sometimes more so that the actual code :)
[karlgoethebier]: Lady_Aleena: You need to jump to some conclusion
[Lady_Aleena]: And what would I rename RolePlaying/Random .pm to if I move all the RolePlaying/Random modules to just Random? Random/Util.pm Random/Base.pm, maybe lowercase the file name to indicate it is a bit different? I don't know yet.
[marioroy]: What does Random do?
[karlgoethebier]: https://www. youtube.com/watch? v=42WNHGr1jGI
[Lady_Aleena]: karlgoethebeir, I finished another project tonight, making a module which printed stop printing. It was a headache and a half.

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (9)
As of 2017-05-29 08:56 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?