in reply to
Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
Ran your code on IBM UDB version 9.5.0 on Linux 2.6.9 i386.
$ perl -w 661423.pl
Connected OK to DBD::DB2::VIPER.
Clear out existing data from the test table ..
Add (44,Some benign text) to the test table ..
Add (55,Just regular data) to the test table ..
Add (66,Evil data');DELETE FROM jobs;) to the test table ..
Dump out the result.
'44', 'Some benign text'
'55', 'Just regular data'
'66', 'Evil data');DELETE FROM jobs;'
However, I would in most cases favor stored procedures
as main way of interacting with a database. Benefits includes both security (which includes preventing SQL injection attacks - simply because you don't get to create dynamic SQL) and performance.