in reply to Re^3: DBI parameterized database query with comma seperated list
in thread DBI parameterized database query with comma seperated list

In addition to the on-point reply by kennethk, it should be noted that MySQL does not implement the SQL:1999 feature for CTEs, including RECURSIVE expressions. This is a well-known bug/limitation (reported in 2006!) and there appears to be little interest in fixing it upstream.

While CTEs don't appear to be overly beneficial for this problem in terms of SQL input safety, lack of this support is certainly a drawback for those using or considering MySQL as a platform. Given that every other major RDBMS supports CTEs, "Buyer Beware."

Re^5: DBI parameterized database query with comma seperated list
by Pope-O-Matik (Pilgrim) on Dec 21, 2015 at 11:42 UTC

    it should be noted that MySQL does not implement the SQL:1999 feature for CTEs

    Wow! Didn't know that at all. I just assumed.... Thank you for the heads up!

    A quick search shows people doing this with functions. It's likely better than doing it in another layer, but certainly not as good as using straight SQL (for both performance and security reasons).