
Re: PerlOO what i am doing???

by chacham (Parson) on Aug 12, 2012 at 20:32 UTC (#986978)

in reply to PerlOO what i am doing???

As a side note, building SQL strings is dynamic SQL. It is inefficient, prone to error, and allows for SQL injection.

As you're using prepare and execute on the actual statements, you can use placeholders and pass the variables in a hash (the optional second parameter to execute), which is the first line of defense against SQL injection and more efficient.

That is, instead of:

    # dynamic SQL: the id is interpolated into the statement text
    my $sql = "select MNref from comment_record where MNid=" . "\"$self->{_MNid}\"";
    my $ccr = $dbh->prepare($sql);
    $ccr->execute() or die "$!";


    # placeholder: the id is bound as data when the statement is executed
    my $sql = "select MNref from comment_record where MNid= ?";
    my $ccr = $dbh->prepare($sql);
    $ccr->execute($self->{_MNid}) or die $ccr->errstr;

It's also a lot easier to read. Note also: return DBI's error instead of just $!.
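A complete, runnable version of the placeholder approach above, added here as an example and not taken from the original post or thread. It assumes DBD::SQLite is installed and uses an in-memory database with constructed rows; the table and column names follow the post, and errors are reported through DBI's errstr rather than $!.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed example: in-memory SQLite database (assumes DBD::SQLite).
# RaiseError is left off so that every call shows the explicit "or die ->errstr" style.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 0, PrintError => 0, AutoCommit => 1 })
    or die DBI->errstr;

$dbh->do('CREATE TABLE comment_record (MNid TEXT, MNref TEXT)') or die $dbh->errstr;

# Prepare once, execute many times: the driver parses the statement a single time
# and every bound value is treated strictly as data.
my $ins = $dbh->prepare('INSERT INTO comment_record (MNid, MNref) VALUES (?, ?)')
    or die $dbh->errstr;
for my $row ( ['42', 'ref-a'], ['43', 'ref-b'], [q{4"2}, 'ref-quoted'] ) {
    $ins->execute(@$row) or die $ins->errstr;
}

my $sel = $dbh->prepare('SELECT MNref FROM comment_record WHERE MNid = ?')
    or die $dbh->errstr;

# Look up one MNref by id. A quote character inside $mnid cannot alter the
# statement's structure because it never becomes part of the SQL text.
sub get_mnref {
    my ($mnid) = @_;
    $sel->execute($mnid) or die $sel->errstr;
    my ($mnref) = $sel->fetchrow_array;
    $sel->finish;
    return $mnref;
}

for my $id ('42', q{4"2}, 'missing') {
    my $ref = get_mnref($id);
    printf "%-8s => %s\n", $id, defined $ref ? $ref : '(no row)';
}

$dbh->disconnect;
```

The id containing a double quote (the one that would have broken the concatenated "..." form in the post) is matched as an ordinary value, and an unknown id simply returns no row.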
