Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re: •Re: username and password verification from a table in Postgres

by spq (Friar)
on May 22, 2002 at 18:30 UTC ( #168542=note: print w/ replies, xml ) Need Help??


in reply to •Re: username and password verification from a table in Postgres
in thread username and password verification from a table in Postgres

Why do you use the placeholder, and then suply the value in the same statement? Granted, I didn't even know this was possible, so I appriciate haveing seen it.

But why not just do?:

my $count = $dbh->selectrow_array("select count(*) from
    users where userid = $username");

Thanks,
Sean


Comment on Re: •Re: username and password verification from a table in Postgres
Re(3): username and password verification from a table in Postgres
by VSarkiss (Monsignor) on May 22, 2002 at 18:41 UTC

    Consider the case where $username is "Joe Blow". Without quoting, the space would interpolate, rendering illegal SQL.

Re: Re: •Re: username and password verification from a table in Postgres
by spq (Friar) on May 22, 2002 at 18:43 UTC

    Hmmm, looking at your message and my reply side by side, I think I get your intent now. You use the placeholder to escape (I didn't apply your use of this word properly) the username, in the sense that you take advantage of the automatic quoteing of values substituted for placeholders, as a way to protect possibly invalid characters in the username?

    This jumped out at me when I looked at my own post and realized that it would be an invalid statement.

    For Anonymous Monk: Another way of doing this in advance is to use the DBI's quote method, like:

    my $quoted_username = $dbh->quote($username);
    

    Hmm, this reminds me I had thought to post a general question about a MySQL DBI driver patch I used to add an extra placeholder that does not get quoted, and so is useful for table names and such...

    Anywho, my apologies for the line noise.
    Sean<BR

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://168542]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (11)
As of 2014-12-25 04:24 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (159 votes), past polls