Re: Multiple SQL statements in DBIby chacham (Priest)
|on Sep 07, 2012 at 10:33 UTC||Need Help??|
1. If the error is with setting nickname = 'three', then why doesn't nickname end up being = 'two'?
Because the entire second batch is rejected. The error does not mean that the second statement in the second batch failed; it means that because of the second statement, the entire batch failed.
2. Does DBI allow multiple SQL statements to be run in one invocation? If so, how can that be done?
The DBI documentation states "Multiple SQL statements may not be combined in a single statement handle ($sth), although some databases and drivers do support this (notably Sybase and SQL Server)."
Technically, DBI allows multiple statements to be passed in one call, though it is up to the specific driver to allow multiple statement in one batch.
As a block in considered one statement (like multiple lines of code in curly braces), most implementations allow passing an anonymous block with multiple statements. Such as:
3. Or if not, why not? Is it to help prevent SQL injection, perhaps? That's fine, as that's the reason for my test, but I'd like to see how to make it happen before I see if my methods of prevention are working.
Why not? Because database CLI drivers generally allow exactly one statement to be processed, and DBI can't change that.
SQL Injection? No. SQL Injection is only a concern with dynamic SQL. Multiple statements and dynamic SQL are two completely different things.