PerlMonks  

Re: PerlOO what i am doing???

by chacham (Prior)
on Aug 12, 2012 at 20:32 UTC ( [id://986978]=note )


in reply to PerlOO what i am doing???

As a side note, building SQL strings is dynamic SQL. It is inefficient, prone to error, and allows for SQL injection.

As you're using prepare and execute on the actual statements, you can use placeholders and pass the variables in a hash (the optional second parameter to execute), which is the first line of defense against SQL injection and more efficient.

That is, instead of:

    my $sql = "select MNref from comment_record where MNid=" . "\"$self->{_MNid}\"";
    my $ccr = $dbh->prepare($sql);
    $ccr->execute() or die "$!";

use

    my $sql = "select MNref from comment_record where MNid= ?";
    my $ccr = $dbh->prepare($sql);
    $ccr->execute($self->{_MNid}) or die $ccr->errstr;

It's also a lot easier to read. Note, also, return DBI's error, instead of just $!.
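An added example, not part of chacham's post or the original poster's code: the two styles above run side by side against the same constructed inputs, to show how a value containing quote characters is handled in each. It assumes DBD::SQLite is installed and uses an in-memory database; the sub names `lookup_concat` and `lookup_bound` and the sample rows are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed. An in-memory database stands in for
# the real one; table and column names follow the post, rows are constructed.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE comment_record (MNid TEXT, MNref TEXT)');
$dbh->do('INSERT INTO comment_record (MNid, MNref) VALUES (?, ?)', undef, @$_)
    for (['a1', 'ref-one'], ['b2', 'ref-two'], ['c3', 'ref-three']);

# Dynamic SQL: the value is pasted into the statement text, so quote
# characters inside it are parsed as SQL. (Single quotes are used here
# because they are the standard SQL string delimiter.)
sub lookup_concat {
    my ($mnid) = @_;
    my $sql = "SELECT MNref FROM comment_record WHERE MNid = '$mnid'";
    return $dbh->selectcol_arrayref($sql);
}

# Placeholder: the statement is prepared once with fixed text and reused;
# each value is bound at execute() and is only ever treated as data.
my $sth = $dbh->prepare('SELECT MNref FROM comment_record WHERE MNid = ?');
sub lookup_bound {
    my ($mnid) = @_;
    $sth->execute($mnid);
    return [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];
}

# Constructed inputs: an ordinary id, a value with an apostrophe, and a
# value whose quotes would extend the WHERE clause if pasted in.
for my $mnid ('b2', "O'Brien", "x' OR '1'='1") {
    my $rows   = eval { lookup_concat($mnid) };
    my $concat = $rows ? scalar(@$rows) . ' row(s)' : 'SQL error';
    my $bound  = scalar @{ lookup_bound($mnid) };
    printf "%-16s concat: %-10s bound: %d row(s)\n", "[$mnid]", $concat, $bound;
}
```

For the ordinary id both versions return one row. The concatenated version fails to parse on the apostrophe and matches every row for the third input, while the bound version returns zero rows for both because no stored MNid equals those strings.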
