in reply to Re: After parsing .xls the rows getting emerged
in thread After parsing .xls the rows getting emerged

I understand your concept. In uploading I am using place holders.(Not in this code) 

my @delivery_failure_array = ($db_date,"$hour",@del_user_error_count,@
+del_user_network_count,@del_user_system_count);
$placeholders = join(',',('?') x scalar @delivery_failure_array);
$delivery_sth = $delivery_db->prepare("insert into $delivery_table val
+ues ($placeholders)");
$delivery_sth->execute(@delivery_failure_array) or die $DBI::errstr;

[download]

Can you please explain how it increases the security??? I am not aware of that at all.

Replies are listed 'Best First'.
Re^3: After parsing .xls the rows getting emerged
by chacham (Prior) on Oct 09, 2015 at 13:29 UTC

    Can you please explain how it increases the security?

    Most of work is behind the scenes. The DBI uses the placeholders to register a host variable via the database's CLI (call level interface.) When the values are passed to the CLI, they are contained and can only be values. Hence, no matter what is passed, it cannot adversely affect the statement.

    When placeholders are not used, the statement is not a statement until the variables are interpolated into the text. So, the statement might not be what it seems. Further, due to quoting and formatting, all sorts of things might need be done to variables, whereas placeholders need no such help. Finally, placeholders are (ultimately) strictly typed. Possibly making errors a little more sensible.

    This is aside from performance gains (when the statement (or, in some case, even a very similar statement) is executed multiple times) and self-documentation. Please, especially after doing the upload correctly and having this code most of the way there, don't use dynamic SQL.

[reply]
Re^3: After parsing .xls the rows getting emerged
by Anonymous Monk on Oct 09, 2015 at 07:32 UTC
[reply]

In Section Seekers of Perl Wisdom