in reply to Re^2: Taint mode and DBI
in thread Taint mode and DBI

It all depends on where your data are coming from. If the data you put in the database are not fully trusted, then you should use taint mode and untaint them to make sure they fall within the limits of what is acceptable. Then you pass them to the database using placeholders. If your untainting is comprehensive then the placeholders are probably superfluous, but I find using placeholders in any case clearer and easier.

CountZero

"A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little nor too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

My blog: Imperial Deltronics
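The combination CountZero describes (taint mode, an explicit untainting regex, then DBI placeholders) as a worked example. This is added illustration, not code from the original post or thread. It assumes DBD::SQLite is installed (an in-memory database is used so it runs offline), the untrusted value is read from STDIN to make it genuinely tainted, and the accepted pattern (1 to 32 word characters) is a hypothetical whitelist for the example. Run it as `perl -T untaint_dbi.pl` so that taint mode is enabled from the start.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

# Constructed untrusted input: under -T anything read from outside the
# program (STDIN, %ENV, @ARGV, files) is tainted, so reading STDIN here
# stands in for a CGI parameter or form field.
sub read_untrusted_name {
    my $line = <STDIN>;
    defined $line or die "no input supplied\n";
    chomp $line;
    return $line;
}

# Untaint by matching against an explicit whitelist of what is acceptable
# (hypothetical rule for this example: 1 to 32 word characters). Only the
# captured group is untainted, and a non-matching value is rejected rather
# than laundered through a catch-all pattern such as /(.*)/.
sub untaint_name {
    my ($raw) = @_;
    if ($raw =~ /\A(\w{1,32})\z/) {
        return $1;
    }
    die "Rejected value: does not match the allowed pattern\n";
}

sub main {
    # TaintIn => 1 makes DBI check its own arguments (SQL text and bind
    # values) for taint, so a tainted string interpolated into a statement
    # dies instead of reaching the database.
    my $dbh = DBI->connect( "dbi:SQLite:dbname=:memory:", "", "",
        { RaiseError => 1, AutoCommit => 1, TaintIn => 1 } );
    $dbh->do("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)");

    my $raw = read_untrusted_name();
    printf "raw value tainted:       %s\n", tainted($raw) ? "yes" : "no";

    my $name = untaint_name($raw);
    printf "untainted value tainted: %s\n", tainted($name) ? "yes" : "no";

    # Placeholders: the value travels as a bound parameter, never as part of
    # the SQL text, so even a name containing quotes cannot alter the
    # statement. This is why placeholders are still worth using after
    # untainting: they do not depend on the regex being exactly right.
    my $sth = $dbh->prepare("INSERT INTO users (name) VALUES (?)");
    $sth->execute($name);

    # What NOT to do: interpolate the value into the SQL string. With
    # TaintIn => 1 and a still-tainted $raw this dies under -T; with a value
    # that was "untainted" by a sloppy regex it would be an injection vector.
    # $dbh->do("INSERT INTO users (name) VALUES ('$raw')");

    my ($count) = $dbh->selectrow_array(
        "SELECT COUNT(*) FROM users WHERE name = ?", undef, $name );
    print "rows stored for '$name': $count\n";
    $dbh->disconnect;
}

main();
```

Feeding it `echo alice | perl -T untaint_dbi.pl` stores the row; feeding it `echo "x'; DROP TABLE users; --" | perl -T untaint_dbi.pl` dies in `untaint_name` before any SQL is built. If the untainting regex is loosened, the placeholder in the INSERT still keeps the bound value out of the statement text, which is the point of keeping both layers.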