Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

sql bind parameterization clarity

by djlerman (Sexton)
on Aug 26, 2022 at 18:10 UTC ( [id://11146457]=perlquestion: print w/replies, xml ) Need Help??

djlerman has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks.

I am in the process of an sql parameterization project and would like some clarity on a few finer points.

Relating to "LIKE ?" is this the best practice:
@input = (); $string = "abc"; push(@input, '%' . $string . '%'); $sth=$dbh->prepare("SELECT * FROM table WHERE field LIKE ?") or die $dbh->errstr; $sth->execute(@input) or die $dbh->errstr;

What is the best way to use in():
@input = (); $string = "1,2,3"; push(@input, $string); $sth=$dbh->prepare(" SELECT * FROM table WHERE field IN (?) ") or die $dbh->errstr; $sth->execute(@input) or die $dbh->errstr;
Thank You. 🙏

Replies are listed 'Best First'.
Re: sql bind parameterization clarity
by Corion (Patriarch) on Aug 26, 2022 at 18:21 UTC

    For IN, I use something like:

    my $placeholders = join ",", (('?') x @values); my $sth = $dbh->prepare(" SELECT * FROM table WHERE field IN ($placeholders) ") or die $dbh->err +str; $sth->execute(@values);

      -- for postgres you can simplify that a bit by where field = any ( ? ) -- followed by $sth->execute(\@values) -- note the backslash

      Thank You.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://11146457]
Approved by marto
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having a coffee break in the Monastery: (3)
As of 2024-07-14 13:56 GMT
Find Nodes?
    Voting Booth?

    No recent polls found

    erzuuli‥ 🛈The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.