The use of placeholders is absolutely vital when using SQL, especially in a web-site where the inputs can never be fully trusted. The placeholders, an un-quoted question mark (therefore, not a literal-string), represent places where consecutive values from a separately-supplied list will be inserted. In this way, it is impossible for any of the data to be misinterpreted (that is, “injected”) as part of the SQL statement itself. Nor can there ever be any question about where each value begins or ends. The data-type of each parameter in the list is independently known and does not have to be, nor converted to, a character-string. (At least, not by you.) Furthermore, this might (or might not) also solve your character-encoding concern: the SQL string is one “thing,” and each parameter is another, such that never the twain shall meet. It’s very clean and black-box-ish: “here’s the SQL string, and here’s a rag-tag bag of parameters I want to use with it; now, go do it.”
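An added illustration of the point above, not part of the original post: the same `?` placeholder convention shown in Python's `sqlite3` module (rather than Perl's DBI) against a constructed in-memory table, with the string-interpolated query beside the placeholder one and a check that a parameter keeps its own data type.

```python
import sqlite3

def make_db():
    # Constructed sample data, not from the post: a tiny in-memory user table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("o'brien", "user")])
    return db

def find_by_name_interpolated(db, name):
    # Unsafe: the value is spliced into the SQL text, so a quote character in
    # the data changes the structure of the statement (or breaks its syntax).
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in db.execute(sql)]

def find_by_name_placeholder(db, name):
    # Safe: the SQL text is fixed; the value travels separately as a parameter
    # and is only ever compared as data, whatever characters it contains.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def param_type(db, value):
    # A parameter is passed with its own type; it is not flattened to a string.
    return db.execute("SELECT typeof(?)", (value,)).fetchone()[0]

def interpolated_query_errors(db, name):
    # True when the interpolated form fails to parse for this input.
    try:
        find_by_name_interpolated(db, name)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"
    print("interpolated:", find_by_name_interpolated(db, hostile))  # all rows
    print("placeholder: ", find_by_name_placeholder(db, hostile))   # no rows
    print("o'brien via placeholder:", find_by_name_placeholder(db, "o'brien"))
    print("types:", param_type(db, 2), param_type(db, "2"))
```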