PerlMonks
Re^2: Using variables within a mysql query
by psini (Deacon) on May 11, 2008 at 21:29 UTC ( [id://685987]=note )
I really doubt that this could work. From DBI's POD: "With most drivers, placeholders can't be used for any element of a statement that would prevent the database server from validating the statement and creating a query execution plan for it".

And if it works, it should be a literal substitution, so it probably can't be used to avoid SQL injection.

In my code, I use plain old sprintf to build the query when I need to change table or column names, and bind only the scalar values.

Obviously, everything that is included with sprintf must be validated if coming from outside the script.
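The approach described in the post above, as an added example that is not part of the original post: identifiers are checked against an allowlist before they reach sprintf, and the scalar value stays a placeholder. The table and column names, the `%ALLOWED` hash and the `build_select` helper are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed allowlist: tables and columns this script may reference.
my %ALLOWED = (
    users  => { map { $_ => 1 } qw(id name email) },
    orders => { map { $_ => 1 } qw(id user_id total) },
);

# Hypothetical helper: returns ($sql, @bind). Identifiers pass through the
# allowlist and sprintf; scalar values only ever travel as bind parameters.
sub build_select {
    my ($table, $column, $value) = @_;
    for my $ident ($table, $column) {
        die "bad identifier\n"
            unless defined $ident && $ident =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/;
    }
    die "table not allowed: $table\n"   unless exists $ALLOWED{$table};
    die "column not allowed: $column\n" unless $ALLOWED{$table}{$column};

    # Backticks are MySQL identifier quoting; the names are known-good
    # at this point because they matched the allowlist.
    my $sql = sprintf 'SELECT * FROM `%s` WHERE `%s` = ?', $table, $column;
    return ($sql, $value);
}

# Constructed inputs, as if they came from outside the script.
my @requests = (
    [ 'users',   'name',        "O'Brien" ],  # valid; quote stays in the bind value
    [ 'users',   'name OR 1=1', 'x' ],        # malformed column name
    [ 'secrets', 'id',          1 ],          # well-formed but not allowlisted
);

for my $req (@requests) {
    my ($sql, @bind) = eval { build_select(@$req) };
    if ($@) {
        chomp(my $err = $@);
        print "rejected: $err\n";
        next;
    }
    print "sql:  $sql\nbind: @bind\n";
    # With a connected DBI handle $dbh:
    #   my $sth = $dbh->prepare($sql); $sth->execute(@bind);
}
```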