
Re: PerlOO what i am doing???

by chacham (Vicar)
on Aug 12, 2012 at 20:32 UTC

in reply to PerlOO what i am doing???

As a side note, building SQL strings is dynamic SQL. It is inefficient, prone to error, and allows for SQL injection.

As you're using prepare and execute on the actual statements, you can use placeholders and pass the variables in a hash (the optional second parameter to execute), which is the first line of defense against SQL injection and more efficient.

That is, instead of:

    my $sql = "select MNref from comment_record where MNid=" . "\"$self->{_MNid}\"";
    my $ccr = $dbh->prepare($sql);
    $ccr->execute() or die "$!";


    my $sql = "select MNref from comment_record where MNid= ?";
    my $ccr = $dbh->prepare($sql);
    $ccr->execute($self->{_MNid}) or die $ccr->errstr;

It's also a lot easier to read. Note, also, return DBI's error, instead of just $!.
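The difference between the two forms in the reply above, as an added example that is not part of the original post: the same lookup is run both ways against a constructed in-memory table, once with an ordinary id and once with a value containing quote characters. It assumes DBD::SQLite is installed; `lookup_concat` and `lookup_bound` are hypothetical names, the rows are sample data, and the concatenated query uses single quotes rather than the post's double quotes.

```perl
use strict;
use warnings;
use DBI;

# Constructed in-memory database. Table and column names follow the post;
# the rows are sample data made up for this example.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 0, PrintError => 0 }) or die $DBI::errstr;
$dbh->do("create table comment_record (MNid text, MNref text)")
    or die $dbh->errstr;
$dbh->do("insert into comment_record values (?, ?)", undef, @$_)
    or die $dbh->errstr
    for ["MN1", "ref-one"], ["MN2", "ref-two"];

# Concatenated form: the value becomes part of the SQL text, so quote
# characters inside it change what the statement means.
sub lookup_concat {
    my ($mnid) = @_;
    my $sth = $dbh->prepare(
        "select MNref from comment_record where MNid='$mnid'")
        or die $dbh->errstr;
    $sth->execute() or die $sth->errstr;
    return map { $_->[0] } @{ $sth->fetchall_arrayref };
}

# Placeholder form: the statement text is fixed and the value is bound
# as data, so it is only ever compared against the MNid column.
sub lookup_bound {
    my ($mnid) = @_;
    my $sth = $dbh->prepare(
        "select MNref from comment_record where MNid = ?")
        or die $dbh->errstr;
    $sth->execute($mnid) or die $sth->errstr;
    return map { $_->[0] } @{ $sth->fetchall_arrayref };
}

# Second input is a constructed value containing quotes.
for my $input ("MN1", "x' or '1'='1") {
    printf "%-16s concat=[%s] bound=[%s]\n", $input,
        join(",", lookup_concat($input)), join(",", lookup_bound($input));
}
```

For the quoted value, the concatenated query matches every row while the bound query matches none, because no row has that literal string as its MNid.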
