Re: •Re: username and password verification from a table in Postgres

in reply to •Re: username and password verification from a table in Postgres
in thread username and password verification from a table in Postgres

Why do you use the placeholder, and then suply the value in the same statement? Granted, I didn't even know this was possible, so I appriciate haveing seen it.

But why not just do?:

my $count = $dbh->selectrow_array("select count(*) from
    users where userid = $username");

Thanks,
Sean

Comment on Re: •Re: username and password verification from a table in Postgres
Re(3): username and password verification from a table in Postgres by VSarkiss (Monsignor) on May 22, 2002 at 18:41 UTC
Consider the case where `$username` is "Joe Blow". Without quoting, the space would interpolate, rendering illegal SQL.	[reply] [d/l]
Re: Re: •Re: username and password verification from a table in Postgres by spq (Friar) on May 22, 2002 at 18:43 UTC
Hmmm, looking at your message and my reply side by side, I think I get your intent now. You use the placeholder to escape (I didn't apply your use of this word properly) the username, in the sense that you take advantage of the automatic quoteing of values substituted for placeholders, as a way to protect possibly invalid characters in the username? This jumped out at me when I looked at my own post and realized that it would be an invalid statement. For Anonymous Monk: Another way of doing this in advance is to use the DBI's quote method, like: my $quoted_username = $dbh->quote($username); Hmm, this reminds me I had thought to post a general question about a MySQL DBI driver patch I used to add an extra placeholder that does not get quoted, and so is useful for table names and such... Anywho, my apologies for the line noise. Sean<BR	[reply]


Clear questions and runnable code get the best and fastest answer
	PerlMonks

Re: •Re: username and password verification from a table in Postgres

The best material for plates (tableware) is: