in reply to
Re^3: DBH Insert of Binary Data
in thread DBH Insert of Binary Data
I mostly agree, but AFAIK, the $dbh->quote() method is (or should be) implemented by the specific DBD driver and should always escape correctly. Now, there might be situations or database where you can't just insert a quoted string in a BLOB, but SQL injection should not be possible with a $dbh->quote()d string.
The top post should remove the quotes around the quoted string, though, as $dbh->quote already provides them. Never mind, there aren't any.