I think you ought to be able to use placeholders for the parameters. Thus, you provide just as many question marks as there are parameters (BTW don't the parameters start at index 0?), and pass the actual parameter in the do
$Command = "EXEC $SPROC " . join ', ', ('?') x $elements_in_array;
This will produce something that looks like
(I have no idea if this is the proper syntax for calling stored procedures in T-SQL — perhaps it needs parens?)
EXEC FOO ?, ?, ?
which later you call through
$dbh->do($Command, undef, @CHOICE[1 .. $elements_in_array])
comes in place of the \%attr
in the docs
That ought to remove all possible problems related to dangerous values in ther parameters, as they're all treated as content of strings.
And yes, you should check if $PROC looks right, like a proper procedure name, for example with a regex.
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.
| & || & |
| < || < |
| > || > |
| [ || [ |
| ] || ] ||