Q&A > database programming > What are placeholders in DBI, and why would I want to use them? - Answer contributed by schweini
I'd just like to add that extensive use of DBI-placeholders renders a CGI-app basically IMMUNE to the so-called "SQL-injection" family of attacks, which consist of shoving a bit of nasty SQL instrucions down your CGI's thraot, which it would - if it doesn't use placeholders or another escaping tactic, just pass on to the DB.
This, all by itself, is a very, very nice thing to have, i think. additionally, you can never be sure that some data you could've sworn would never contain a single-quote doesn't end up containing one some day, leaving you with a sometimes quite cryptic syntax-error.