Thanks to the wisdom of The Monastery I have started using placeholders for all database operations and they are being retro applied to existing code whenever I look at it to enhance security.
In a number of places I have wanted to use the same placeholder multiple times. I have found reference to named placeholders but cannot find a working example and the few experiments I have tried have not worked. Here is an example from production code:
my $query = $dbh->prepare("SELECT idOutbound, type, DAY(dateDue) FROM
+LD_Outbound WHERE (dateDue >= ? AND dateDue < ? + INTERVAL 1 MONTH) O
+R (defaultDate >= ? AND defaultDate < ? + INTERVAL 1 MONTH)");
$query->execute("$last_y-$last_m-01", "$last_y-$last_m-01", "$last_y-$
+last_m-01", "$last_y-$last_m-01");
Here all four placeholders are the same.
I have tried using
bind_param but that doesn't work
my $query = $dbh->prepare("SELECT idOutbound, type, DAY(dateDue) FROM
+LD_Outbound WHERE (dateDue >= ?:NOW AND dateDue < ?:NOW + INTERVAL 1
+MONTH) OR (defaultDate >= ?:NOW AND defaultDate < ?:NOW + INTERVAL 1
+MONTH)");
$query->bind_param(:NOW, "$last_y-$last_m-01");
$query->execute();
The
documentation is not very clear.
Is there a way to just specify the variable once if it is going to be used multiple times in the query?