I tend to assemble my arguments to execute as I assemble my SQL statement. There are many ways to do it. The following might give you some ideas:
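    use strict;
    use warnings;
    use Data::Dumper;

    update(10, {
        name  => 'test',
        value => 'success',
    });

    sub update {
        my ($key, $params) = @_;
        my $sql = "update my_table set ";
        my @args;

        # Build "field = ?" pairs and collect the bind values in the same order.
        $sql .= join(
            ', ',
            map {
                push(@args, $params->{$_});
                "$_ = ?"
            } keys %$params
        );

        # The key is bound last, matching the final placeholder.
        $sql .= " where key = ?";
        push(@args, $key);

        # Dump the statement and arguments instead of executing them.
        die Dumper([$sql, \@args]);
    }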
which gives a coordinated SQL statement and array of arguments for execute:
    $VAR1 = [
              'update my_table set value = ?, name = ? where key = ?',
              [
                'success',
                'test',
                10
              ]
            ];
Update: you should check the field names to avoid SQL injection. I typically qualify them against a list of known field names one way or another (grep a list, look up in a hash, match a regular expression, etc.).
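The field-name check described in the update, sketched as an added example that is not part of the original post. The `%ALLOWED` hash and the `build_update` name are assumptions made for illustration; the table and column names are the ones used above.

```perl
use strict;
use warnings;

# Assumption: the columns callers may set on my_table (hypothetical allowlist).
my %ALLOWED = map { $_ => 1 } qw(name value);

# Returns ($sql, @args), ready for $dbh->prepare($sql)->execute(@args).
sub build_update {
    my ($key, $params) = @_;

    # Field names are interpolated into the SQL text, so placeholders do
    # not protect them; reject anything that is not in the allowlist.
    my @fields = sort keys %$params;    # sorted for a stable statement
    die "no fields to update\n" unless @fields;
    if (my @bad = grep { !$ALLOWED{$_} } @fields) {
        die "unknown field(s): @bad\n";
    }

    my $sql = 'update my_table set '
            . join(', ', map { "$_ = ?" } @fields)
            . ' where key = ?';

    # A hash slice keeps the bind values in the same order as the fields.
    my @args = (@{$params}{@fields}, $key);
    return ($sql, @args);
}

# Constructed inputs: one ordinary call, and one whose hash key is not a
# plain column name and would otherwise end up inside the statement text.
for my $params (
    { name => 'test', value => 'success' },
    { 'value = value, other_col' => 1 },
) {
    my ($sql, @args) = eval { build_update(10, $params) };
    if ($@) { print "rejected: $@"; next }
    print "$sql  [@args]\n";
}
```

Sorting the keys also makes the generated statement text identical from call to call, which helps when statement handles are cached with `prepare_cached`.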