in reply to Re: Re: Re: Re: SQL query: are all results in one hashref key the same?
in thread SQL query: are all results in one hashref key the same?

Well, the second example is just embedding a ridulous sub-query in your outer query. The way that SQL semantics work, if you say you are selecting from 2 tables and don't specify a correspondance between the rows of one and the rows of the other, then the result is the cartesian product of the rows in each table. If you do this with several tables (or, as in my example, several occurnces of the same table), then the resulting cartesian product is the size (in rows) of the product of the sizes (in rows) of all the tables.

So let's say in our example that your table has only 100 rows in it... by joining it on itself 10 times over, you get one google (10 to the 100th power) of rows. By telling the database to take a minimum value out of those 1 google rows, you would lock up the database for, well, basicaly for ever, sorting through all of those rows. This would essenially deny service to your database until an administrator killed that query.

Anyways, the point of the second example was: some database drivers, such as DBD::Oracle, do not allow you to embed multiple queries in a single DBI call, even if you put a semi-colon in there. I was just demonstrating a way that DBD::Oracle is still suceptible (spelling?) to attack through "SQL injection" (which, if I recall correctly, is the proper term for this form of attack).


------------
:Wq
Not an editor command: Wq
  • Comment on Re: Re: Re: Re: Re: SQL query: are all results in one hashref key the same?

In Section Seekers of Perl Wisdom