Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re^2: Using multiple values in a SQL "in" statement

by space_monk (Chaplain)
on May 02, 2013 at 09:54 UTC ( [id://1031719]=note: print w/replies, xml ) Need Help??


in reply to Re: Using multiple values in a SQL "in" statement
in thread Using multiple values in a SQL "in" statement

Normally your answers are very good, but this is not one of those answers. :-)

Putting values directly into a SQL statement is a classic example of what not to do, because it is vulnerable to SQL injection attacks if the ID array values are externally sourced. The reason it is recommended to bind values in is to protect themselves from this sort of thing! :-)

If you spot any bugs in my solutions, it's because I've deliberately left them in as an exercise for the reader! :-)

Replies are listed 'Best First'.
Re^3: Using multiple values in a SQL "in" statement
by sundialsvc4 (Abbot) on May 02, 2013 at 12:17 UTC

    Notice how, in one of the examples above, a string is (easily ...) constructed that consists of one-or-more question marks separated by commas.   This string is inserted dynamically (and safely) into the SQL string.   A corresponding parameter is added to the list of parameters at the same time, and the two are provided together when the query is run.   This technique is suitably dynamic, yet safe from injection.

    I will also endorse the notion of using DBIx::Class ... or SQL::Abstract if you have a lot of existing code to deal with.   They are solid and helpful.

Re^3: Using multiple values in a SQL "in" statement
by hdb (Monsignor) on May 02, 2013 at 10:13 UTC

    Thanks for the explanation. I had already realized that I did not read the question careful enough but I had not understood the full significance.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1031719]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others surveying the Monastery: (3)
As of 2024-03-19 10:19 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found