Re^2: Using variables within a mysql query


more useful options
	PerlMonks

Re^2: Using variables within a mysql query

by psini (Deacon)

on May 11, 2008 at 21:29 UTC ( [id://685987]=note: print w/replies, xml )

Need Help??

in reply to Re: Using variables within a mysql query
in thread Using variables within a mysql query

I really doubt that this could work. From DBI's POD:

"With most drivers, placeholders can't be used for any element of a statement that would prevent the database server from validating the statement and creating a query execution plan for it"

And if it works, it should be a literal substitution, so probably can't be used to avoid sql injection

I, in my code, use plain old sprintf to build the query when I need to change table or column names and bind only the scalar values

Obviously everything is included with sprintf must be validated if coming from outside the script

Comment on Re^2: Using variables within a mysql query Download Code

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://685987]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others learning in the Monastery: (2)

As of 2024-04-26 06:26 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found