Re: Perl oracle insert error handling

Side note: The first query ($SQL1) is prepared and executed, avoiding dynamic SQL and its ills. Bravo! But the second query ($SQL3) uses dynamic SQL. Perhaps you shopuld prepare that one as well.

Comment on Re: Perl oracle insert error handling

Replies are listed 'Best First'.
Re^2: Perl oracle insert error handling by homer4all (Acolyte) on Dec 23, 2014 at 16:47 UTC
Yes, you are right. There will be some query/syntax not written in best method since I'm still learning this. Any recommendations?	[reply]
Re^3: Perl oracle insert error handling by chacham (Prior) on Dec 23, 2014 at 16:50 UTC
Just prepare it the same way you did the first one, that is, by using placeholders where any data will be provided by variables. Then pass the variables in the execute statement. This will define the variables as parameters and guarantee they will not be used as DDL, DML, or TCL, even if they include malicious values.	[reply]