Re: PerlOO what i am doing???

by chacham (Curate)
on Aug 12, 2012 at 20:32 UTC (#986978)


in reply to PerlOO what i am doing???

As a side note, building SQL strings is dynamic SQL. It is inefficient, prone to error, and allows for SQL injection.

As you're using prepare and execute on the actual statements, you can use placeholders and pass the variables in a hash (the optional second parameter to execute), which is the first line of defense against SQL injection and more efficient.

That is, instead of:

    my $sql = "select MNref from comment_record where MNid=" . "\"$self->{_MNid}\"";
    my $ccr = $dbh->prepare($sql);
    $ccr->execute() or die "$!";

use

    my $sql = "select MNref from comment_record where MNid= ?";
    my $ccr = $dbh->prepare($sql);
    $ccr->execute($self->{_MNid}) or die $ccr->errstr;

It's also a lot easier to read. Note, also, return DBI's error, instead of just $!.
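An added example, not part of the original post: the two forms from the reply run side by side against an in-memory SQLite table, so the difference in behaviour is visible. The table contents, the single-quoted form of the query, the sub names and the three input values are constructed for illustration, and DBD::SQLite is assumed to be installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory database (assumes DBD::SQLite).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });
$dbh->do("create table comment_record (MNid text, MNref text)");
$dbh->do("insert into comment_record values (?, ?)", undef, @$_)
    for ( [ 'a1', 'ref-one' ], [ 'b2', 'ref-two' ], [ 'c3', 'ref-three' ] );

# Dynamic SQL: the value is pasted into the statement text, so any quote
# character in it changes what the database parses.
sub lookup_concat {
    my ($id) = @_;
    my $sql = "select MNref from comment_record where MNid='$id'";
    return $dbh->selectcol_arrayref($sql);
}

# Placeholder: the statement text is fixed and is prepared once
# (prepare_cached reuses the handle); the value is bound at execute time.
# Bind values are passed to execute as a list, one per placeholder.
sub lookup_bound {
    my ($id) = @_;
    my $sth = $dbh->prepare_cached(
        "select MNref from comment_record where MNid = ?");
    $sth->execute($id);
    return [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];
}

# Constructed inputs: an ordinary id, an id containing a quote, and a
# value that carries SQL syntax of its own.
for my $id ( 'b2', "o'neil", "x' or '1'='1" ) {
    my $concat = eval { lookup_concat($id) };
    my $concat_result = defined $concat
        ? scalar(@$concat) . " row(s)"
        : "statement failed";
    my $bound = lookup_bound($id);
    printf "%-16s concat: %-18s bound: %d row(s)\n",
        "[$id]", $concat_result, scalar @$bound;
}

$dbh->disconnect;
```

With the concatenated form, the quoted id breaks the statement and the third value matches every row in the table; with the placeholder, both are compared as plain data and match nothing.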

