Calling a method within a double-quoted string?

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question: ⭐ (object-oriented programming)

I want to have a double-quoted string like this, where $dbh is a DBI database handle and $userinput is (potentially hostile) user input:

"select * from foo where bar = $dbh->quote($userinput)"
[download]

It doesn't work. That quote method isn't called. Instead, the $dbh object itself is converted to a string.

This works like I want:

"select foo from bar where baz = ${ \$dbh->quote($userinput) }"
[download]

But that is an ugly hack, referencing and dereferencing just to trick Perl's string parser into doing what I want.

Any better ideas? I know I can do "blah".$whatever."blah" but that's even harder for my eyes to parse.

Originally posted as a Categorized Question.

Comment on Calling a method within a double-quoted string? Select or Download Code

Replies are listed 'Best First'.
Re: Calling a method within a double-quoted string?⭐ by plaid (Chaplain) on Jun 10, 2000 at 04:11 UTC
You should use place holders in this case, as they automatically take care of quoting: `my $sth = $dbh->prepare("select * from foo where bar = ?"); $sth->execute($userinput);` [download] In the more general case, you can use sprintf to interpolate functions into strings: `my $sql = sprintf "select * from foo where bar = %s", $dbh->quote($use +rinput);` [download]	[reply] [d/l] [select]
Re: Calling a method within a double-quoted string? by btrott (Parson) on Jun 10, 2000 at 04:15 UTC
For the DBI case, the correct answer is definitely placeholders. However, in the general case, consider Interpolation. It's pretty nifty. It lets you define "arbitrary interpolation semantics". From its man page: For example, you can say use Interpolation money => \&commify_with_dollar_sign, E => 'eval', placename => 'ucwords'; And then you can write these: print "3 + 4 = $E{3+4}"; # Prints ``3 + 4 = 7'' $SALARY = 57500; print "The salary is $money{$SALARY}"; # Prints ``The salary is $57,500.00'' [download] For your need, you could use this: `use vars qw/$dbh/; use DBI; $dbh = DBI->connect('baz', 'foo', 'bar', 'Oracle'); use Interpolation quoteit => sub { $dbh->quote(@_) }; print "select * from foo where bar = $quoteit{baz}";` [download] Which is quite handy. Still, in your particular case, placeholders are better.	[reply] [d/l] [select]
Re: Calling a method within a double-quoted string? by pemungkah (Priest) on Nov 08, 2006 at 01:56 UTC
The cheap but punctuation-heavy answer: `my $string = "this is an interpolated method call: @{[$obj->method]}";` [download] What's happening here, working from the inside out: The method call happens, and it returns a list of zero or more values. Outside that, we have an anonymous array constructor, so now we've got a reference to an anonymous array containing the value(s) returned from the method. Outside that, we have `@{ }`, which dereferences the array reference, so we have an array. Perl now happily interpolates the dynamically-generated anonymous array into the string, because it knows how to do that. This is essentially what Interpolation.pm does, cut down to adding a few extra characters in your string. Drawback: ugly, and possibly really confusing to the reader. Advantage: only 5 extra characters.	[reply] [d/l]
Answer: Calling a method within a double-quoted string? by Anonymous Monk on Jun 10, 2000 at 04:32 UTC
Thanks folks! I already knew about placeholders but not all DBI drivers support them. I always forget about sprintf. I guess I don't like seperating variables from the string. Interpolation.pm looks really cool. I'll have to try it.	[reply]
RE: Answer: Calling a method within a double-quoted string? by btrott (Parson) on Jun 10, 2000 at 04:37 UTC
The Anonymous Monk said: `> I already knew about placeholders but not all DBI > drivers support them.` [download] Actually, I believe placeholders are at least emulated in all DBI drivers. Even if the underlying database doesn't support placeholders or bound variables, DBI emulates the behavior internally. This is true, at least, of the MySQL driver. The appendix of the DBI book has more information.	[reply] [d/l]

Back to Seekers of Perl Wisdom