Re^2: Using multiple values in a SQL "in" statement

by space_monk (Chaplain)
on May 02, 2013 at 09:54 UTC (#1031719)

in reply to Re: Using multiple values in a SQL "in" statement
in thread Using multiple values in a SQL "in" statement

Normally your answers are very good, but this is not one of those answers. :-)

Putting values directly into a SQL statement is a classic example of what not to do, because it is vulnerable to SQL injection attacks if the ID array values are externally sourced. The reason it is recommended to bind values in is to protect yourself from this sort of thing! :-)

If you spot any bugs in my solutions, it's because I've deliberately left them in as an exercise for the reader! :-)

Re^3: Using multiple values in a SQL "in" statement
by sundialsvc4 (Abbot) on May 02, 2013 at 12:17 UTC

    Notice how, in one of the examples above, a string is (easily ...) constructed that consists of one-or-more question marks separated by commas. This string is inserted dynamically (and safely) into the SQL string. A corresponding parameter is added to the list of parameters at the same time, and the two are provided together when the query is run. This technique is suitably dynamic, yet safe from injection.

    I will also endorse the notion of using DBIx::Class ... or SQL::Abstract if you have a lot of existing code to deal with. They are solid and helpful.
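The placeholder-list technique described in the reply above, written out as an added example (not code from any post in this thread). It assumes DBI and DBD::SQLite are installed; the `users` table and its rows are constructed sample data, and `names_in` is a hypothetical helper name.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database (assumption: DBD::SQLite available).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (id, name) VALUES (?, ?)');
$ins->execute(@$_) for [1, 'alice'], [2, 'bob'], [3, 'carol'], [4, 'dave'];

# Return the names whose ids appear in @ids, using one '?' per value.
# The SQL text is built only from the *count* of values, never from the
# values themselves, so every id is bound as data by the driver.
sub names_in {
    my ($dbh, @ids) = @_;
    return () unless @ids;                  # "IN ()" is a syntax error on most databases
    my $marks = join ',', ('?') x @ids;     # e.g. "?,?,?"
    my $sth = $dbh->prepare(
        "SELECT name FROM users WHERE id IN ($marks) ORDER BY id");
    $sth->execute(@ids);                    # as many values as placeholders
    return map { $_->[0] } @{ $sth->fetchall_arrayref };
}

print join(',', names_in($dbh, 1, 3)), "\n";       # alice,carol
print scalar(my @none = names_in($dbh)), "\n";      # 0 (empty list handled, no query run)

# Input that would change the query's meaning if interpolated into the SQL
# string is just a non-matching value when it arrives through a placeholder.
print scalar(my @safe = names_in($dbh, "1 OR 1=1")), "\n";   # 0
```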

Re^3: Using multiple values in a SQL "in" statement
by hdb (Prior) on May 02, 2013 at 10:13 UTC

    Thanks for the explanation. I had already realized that I did not read the question carefully enough, but I had not understood the full significance.
