PerlMonks  

Re^4: DBI variable argument count

by anothersmurf (Novice)
on Sep 14, 2012 at 21:53 UTC (#993800)


in reply to Re^3: DBI variable argument count
in thread DBI variable argument count

OK....

I didn't know they were called placeholders until I came to this site. When I google searched for "mysql select placeholders", I discovered this:

http://stackoverflow.com/questions/8054421/mysql-perl-placeholder-rules

Says: "With most drivers, placeholders can't be used for any element of a statement that would prevent the database server from validating the statement and creating a query execution plan for it."

So now I guess I need to sanitize the user input for the select statement so there is less risk of attack on that front and simply execute() with no arguments.


Re^5: DBI variable argument count
by CountZero (Bishop) on Sep 15, 2012 at 17:32 UTC
    There is no problem using placeholders as arguments in the "WHERE" part of your SQL.

    CountZero

    "A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

    My blog: Imperial Deltronics
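
Added example, not code from either post above: one way to handle a variable number of WHERE conditions in DBI, binding every value through a placeholder and checking column names (which cannot be bound) against an allowlist. The `people` table, its columns, the `build_where` helper and the use of an in-memory SQLite database via DBD::SQLite in place of MySQL are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Columns a caller may filter on (constructed allowlist). Identifiers cannot
# be bound as placeholders, so they are matched against this list instead.
my %ALLOWED = map { $_ => 1 } qw(name city age);

# Hypothetical helper: turn a list of [column, value] pairs into a WHERE
# clause plus bind values. Only allowlisted column names reach the SQL text;
# every value becomes a "?" and is handed to execute() separately.
sub build_where {
    my @filters = @_;
    my (@clauses, @binds);
    for my $f (@filters) {
        my ($col, $val) = @$f;
        die "column not allowed: $col\n" unless $ALLOWED{$col};
        push @clauses, "$col = ?";
        push @binds, $val;
    }
    my $where = @clauses ? ' WHERE ' . join(' AND ', @clauses) : '';
    return ($where, @binds);
}

# Constructed sample data in an in-memory SQLite database (assumes DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE people (name TEXT, city TEXT, age INTEGER)');
my $ins = $dbh->prepare('INSERT INTO people (name, city, age) VALUES (?, ?, ?)');
$ins->execute(@$_) for ['alice', 'Oslo', 30], ['bob', 'Oslo', 41], ["o'neil", 'Cork', 30];

# Zero, one or two filters all go through the same prepare/execute path,
# so the bind count always matches the number of "?" in the statement.
for my $filters ([], [['city', 'Oslo']], [['age', 30], ['name', "o'neil"]]) {
    my ($where, @binds) = build_where(@$filters);
    my $sth = $dbh->prepare("SELECT name FROM people$where ORDER BY name");
    $sth->execute(@binds);
    my @names = map { $_->[0] } @{ $sth->fetchall_arrayref };
    print "SELECT name FROM people$where => @names\n";
}

# A column name outside the allowlist is rejected before any SQL is built.
my $ok = eval { build_where(['password', 'x']); 1 };
print "rejected: $@" unless $ok;
```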
