
Re: PerlOO what i am doing???

by chacham (Priest)
on Aug 12, 2012 at 20:32 UTC (#986978)


in reply to PerlOO what i am doing???

As a side note, building SQL strings is dynamic SQL. It is inefficient, prone to error, and allows for SQL injection.

As you're using prepare and execute on the actual statements, you can use placeholders and pass the variables in a hash (the optional second parameter to execute), which is the first line of defense against SQL injection and more efficient.

That is, instead of:

    my $sql = "select MNref from comment_record where MNid=" . "\"$self->{_MNid}\"";
    my $ccr = $dbh->prepare($sql);
    $ccr->execute() or die "$!";

use

    my $sql = "select MNref from comment_record where MNid= ?";
    my $ccr = $dbh->prepare($sql);
    $ccr->execute($self->{_MNid}) or die $ccr->errstr;

It's also a lot easier to read. Note, also, return DBI's error, instead of just $!.
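
The following is an added example, not part of the post above or of the original poster's code, comparing the two forms on values that contain quote characters. It assumes DBD::SQLite is installed; the in-memory table, its rows and the helper names refs_concat and refs_bound are constructed for illustration, and the concatenated form uses a single-quoted SQL literal rather than the post's double quotes.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available. Table contents are constructed sample data.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });
$dbh->do("create table comment_record (MNid text, MNref text)");
my $ins = $dbh->prepare("insert into comment_record (MNid, MNref) values (?, ?)");
$ins->execute(@$_) for ['a1', 'ref-1'], ['b2', 'ref-2'], ["o'neil", 'ref-3'];

# Dynamic SQL (hypothetical helper): the value becomes part of the statement
# text, so the statement is re-parsed on every call and quotes in the value
# change its structure.
sub refs_concat {
    my ($id) = @_;
    my $sql = "select MNref from comment_record where MNid='$id'";
    return $dbh->selectcol_arrayref($sql);
}

# Placeholder form (hypothetical helper): prepared once, value bound at
# execute time and compared only as data.
my $ccr = $dbh->prepare("select MNref from comment_record where MNid = ?");
sub refs_bound {
    my ($id) = @_;
    $ccr->execute($id);
    return [ map { $_->[0] } @{ $ccr->fetchall_arrayref } ];
}

# Constructed inputs: a plain id, a legitimate id containing a quote, and a
# value whose quotes would alter the where clause if concatenated.
for my $id ('a1', "o'neil", "x' or 'x'='x") {
    my $concat = eval { refs_concat($id) };
    my $concat_out = $concat ? join(',', @$concat) : "error: " . $dbh->errstr;
    printf "%-16s concat=[%s] bound=[%s]\n",
        $id, $concat_out, join(',', @{ refs_bound($id) });
}
```

With RaiseError set at connect time, a failed prepare or execute dies with DBI's own error message, so the explicit `or die $ccr->errstr` is not needed on each call.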

