PerlMonks
Re: Securing DB transactions with user form input

by talexb (Canon)
on Feb 03, 2008 at 20:44 UTC


in reply to Securing DB transactions with user form input

Big time, as was discussed recently:

I can't think of any reason why placeholders wouldn't be used as a matter of course.

Alex / talexb / Toronto

"Groklaw is the open-source mentality applied to legal research" ~ Linus Torvalds


Re^2: Securing DB transactions with user form input
by Thilosophy (Curate) on Feb 04, 2008 at 04:17 UTC
    I can't think of any reason why placeholders wouldn't be used as a matter of course.

    I have seen some cases where not using placeholders gave the database extra information that would result in more efficient query execution plans.

    For example if you have a table with a gender column, and only 2% of the rows have the value F, it might be helpful (in the decision whether to use a certain index or type of join) to let the database see what gender your query is about.

    select * from some_table where gender = 'F';

    Another example is the page size for paged data.

    Of course, those are edge cases, only affect databases sophisticated enough to make those kind of decisions in the first place (and those databases usually also have means to workaround the issue while still using bind variables), and are most often not related to direct user input anyway.

    In general, I absolutely agree that not using bind variables is a cardinal sin. If you are using direct interpolation into the query string, be prepared to have a very good explanation for it.
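The contrast the two replies above draw, as an added example (not code from either poster): a Perl DBI lookup against a constructed in-memory SQLite table, once with the form value interpolated into the query string and once bound through a placeholder. The `$attacker` string stands in for a CGI parameter and is an assumption; so is the `count_by_gender` helper, which shows the one case Thilosophy describes (letting the planner see a literal) done against a fixed whitelist rather than raw input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database (needs DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, gender TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (name, gender) VALUES (?, ?)');
$ins->execute(@$_) for ( ['alice', 'F'], ['bob', 'M'], ['carol', 'F'] );

# Assumption: this string arrived straight from a web form field.
my $attacker = "bob' OR '1'='1";

# Vulnerable: the value is spliced into the SQL text, so the embedded quote
# closes the literal and the rest of the input is parsed as SQL.
sub lookup_interpolated {
    my ($dbh, $name) = @_;
    my $sql = "SELECT name FROM users WHERE name = '$name'";
    return $dbh->selectcol_arrayref($sql);
}

# Safe: the value is bound to a placeholder and travels as data; the SQL
# text the database parses never changes, whatever the input contains.
sub lookup_placeholder {
    my ($dbh, $name) = @_;
    my $sql = 'SELECT name FROM users WHERE name = ?';
    return $dbh->selectcol_arrayref($sql, undef, $name);
}

# The edge case from the reply above: if you want the optimizer to see the
# literal, interpolate only a value that passed a fixed whitelist, and quote
# it with the driver's own quote(), never the raw form input.
my %allowed_gender = map { $_ => 1 } qw(F M);
sub count_by_gender {
    my ($dbh, $gender) = @_;
    die "refusing gender value not in whitelist\n"
        unless $allowed_gender{$gender};
    my $lit = $dbh->quote($gender);
    my ($n) = $dbh->selectrow_array("SELECT COUNT(*) FROM users WHERE gender = $lit");
    return $n;
}

my $bad  = lookup_interpolated($dbh, $attacker);
my $good = lookup_placeholder($dbh, $attacker);
printf "interpolated: %d row(s): %s\n", scalar @$bad, join(', ', @$bad);
printf "placeholder:  %d row(s)\n",     scalar @$good;
printf "F rows (whitelisted literal): %d\n", count_by_gender($dbh, 'F');

$dbh->disconnect;
```

Running it shows the interpolated query returning every user while the placeholder query returns none, because no user is literally named `bob' OR '1'='1`. The `count_by_gender` helper is the shape to reach for when you genuinely need a literal in the query text: the whitelist check fails closed before anything is quoted, so the optimizer benefit comes without reopening the injection.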
