PerlMonks
Re^5: Preventing malicious T-SQL injection attacks
by davorg (Chancellor) on Mar 05, 2007 at 16:05 UTC ( [id://603239]=note )
You can question whatever you want. It's your code, after all. But you need to know the number of parameters in order to create an SQL string with the correct number of placeholders. So DBI checks the number of parameters for you for free. You get an extra layer of defensive programming for no cost. I can't see any reason why you wouldn't want to make use of it.
-- "The first rule of Perl club is you do not talk about Perl club." -- Chip Salzenberg
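The placeholder-count check described in the post above, as an added example that is not part of the original post or of DBI's own documentation. It assumes DBD::SQLite is installed; the `users` table, its rows and the `find_users` helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database (assumes DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->do('INSERT INTO users (name) VALUES (?)', undef, $_)
    for qw(alice bob carol);

# Hypothetical helper: emits one "?" per value, so the SQL text never
# contains user-supplied data and the counts always agree.
sub find_users {
    my ($dbh, @names) = @_;
    return [] unless @names;                      # "IN ()" is not valid SQL
    my $placeholders = join ', ', ('?') x @names;
    my $sth = $dbh->prepare(
        "SELECT name FROM users WHERE name IN ($placeholders) ORDER BY name");
    $sth->execute(@names);
    return [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];
}

# Hostile-looking input is bound as a plain string; it can only match a row
# whose name is literally that string.
my $found = find_users($dbh, 'alice', q{bob' OR '1'='1});
print "matched: @$found\n";

# Placeholder count and value count disagree: execute() raises an error
# (RaiseError is on) instead of running a query with a missing value.
my $sth = $dbh->prepare('SELECT name FROM users WHERE name IN (?, ?, ?)');
my $ok  = eval { $sth->execute('alice', 'bob'); 1 };
print "mismatch rejected: $@" unless $ok;
```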