When you use DB placeholders you're protected from that kind of silliness. All that will happen with your example query is that it will look for rows where the bar col contains "; DROP TABLE big_important_one". It's only when quoting by hand in a query that you have to worry about that kind of attack. DB calls using placeholders are one of the few places that you can generally trust that maliciously malformed user data won't be able to cause harm.

Note: if your DB does not support placeholders, and the DBD simulates them for you, you could still get into trouble if it's not done properly. However, I don't know of any DBD that does this...
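An added example, not from the post above: it uses Python's sqlite3 module (which takes the same `?` placeholders as DBI) with constructed sample rows to show the post's point, that a placeholder query treats the hostile-looking string as plain data and simply matches the row containing it, while building the SQL by hand changes the statement itself.

```python
import sqlite3

# Constructed sample value: the same string the post uses as its "attack" input.
EVIL = "; DROP TABLE big_important_one"

def setup():
    """Build an in-memory DB with constructed sample rows, one of which
    literally contains the hostile-looking string."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE foo (id INTEGER, bar TEXT)")
    con.execute("CREATE TABLE big_important_one (id INTEGER)")
    con.executemany("INSERT INTO foo VALUES (?, ?)",
                    [(1, "hello"), (2, EVIL)])
    return con

def find_with_placeholder(con, value):
    """Placeholder query: the driver passes `value` as data, so the SQL
    text never changes no matter what the user typed."""
    rows = con.execute("SELECT id FROM foo WHERE bar = ?", (value,))
    return [r[0] for r in rows]

def interpolated_sql(value):
    """What building the query by hand looks like: the user's string
    becomes part of the SQL text itself."""
    return "SELECT id FROM foo WHERE bar = " + value

def run_interpolated(con, value):
    """Execute the hand-built query; returns the matched ids, or the
    error the database raised because the statement is no longer the
    one the programmer wrote."""
    try:
        return [r[0] for r in con.execute(interpolated_sql(value))]
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

def table_exists(con, name):
    """Check the catalogue so the caller can confirm nothing was dropped."""
    row = con.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (name,)).fetchone()
    return row[0] == 1

if __name__ == "__main__":
    con = setup()
    print(find_with_placeholder(con, EVIL))        # [2]: matched as plain data
    print(run_interpolated(con, EVIL))             # the DB rejects the mangled SQL
    print(table_exists(con, "big_important_one"))  # True
```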