perl and database: argument for the prepare method

lsand2525 has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: perl and database: argument for the prepare method by neilwatson (Priest) on Jun 05, 2014 at 23:48 UTC
Ideally you want the prepare statement to have place holders that you can bind variables to with 'execute'. The place holders escape the contents of vars offering some protection against accidental or intentional invalid data. https://metacpan.org/pod/DBI#Placeholders-and-Bind-Values Neil Watson watson-wilson.ca	[reply]
Re: perl and database: argument for the prepare method by wjw (Priest) on Jun 05, 2014 at 23:08 UTC
The prepare method simply takes valid SQL statement and readies it for submission to the database. What happens underneath is dependant on the DBI you are useing(mySQL, SQLite, Oracle....whatever). I generally prefer to place my query in a string variable, which I usually call $q and then hand that to the prepare method. `my $q = qq(select myfield from mytable order by mydate); my $sth = $dbh->prepare($q);` [download] (not tested) there are other considerations related to security, but to start, that is the basic requirement. hope that is helpful.... ...the majority is always wrong, and always the last to know about it... Insanity: Doing the same thing over and over again and expecting different results... A solution is nothing more than a clearly stated problem...otherwise, the problem is not a problem, it is a facct wjw	[reply] [d/l]
Re: perl and database: argument for the prepare method by locked_user sundialsvc4 (Abbot) on Jun 06, 2014 at 07:20 UTC
In the semantics of the situation, “prepare” is supposed to correspond to the step when the SQL string is transformed into an execution-plan that can be carried out one-or-more times, using different placeholders (which are merely “inputs”), without the overhead of recalculating the execution plan. A module on the server-side known as the “query optimizer” constructs the plan.
Re^2: perl and database: argument for the prepare method by GotToBTru (Prior) on Jun 06, 2014 at 14:30 UTC
Exactly. If you will be executing a statement multiple times, you only need prepare it once. This will save time. `$update=<<UPDATE; update foo set bar = ? where id = ? UPDATE $dbstmt = $dbhandle->prepare($update); foreach $recid (keys %records) { $dbstmt->execute($newvalues{$recid}, $recid); }` [download] 1 Peter 4:10	[reply] [d/l]