From perldoc DBI:
Placeholders and Bind Values

Some drivers support placeholders and bind values. Placeholders, also called parameter markers, are used to indicate values in a database statement that will be supplied later, before the prepared statement is executed. For example, an application might use the following to insert a row of data into the SALES table:

    INSERT INTO sales (product_code, qty, price) VALUES (?, ?, ?)

or the following, to select the description for a product:

    SELECT description FROM products WHERE product_code = ?

The "?" characters are the placeholders. The association of actual values with placeholders is known as binding, and the values are referred to as bind values. Note that the "?" is not enclosed in quotation marks, even when the placeholder represents a string. Some drivers also allow placeholders like :name and :n (e.g., :1, :2, and so on) in addition to "?", but their use is not portable.

With most drivers, placeholders can't be used for any element of a statement that would prevent the database server from validating the statement and creating a query execution plan for it. For example:

    "SELECT name, age FROM ?"           # wrong (will probably fail)
    "SELECT name, ? FROM people"        # wrong (but may not 'fail')

Also, placeholders can only represent single scalar values. For example, the following statement won't work as expected for more than one value:

    "SELECT name, age FROM people WHERE name IN (?)"      # wrong
    "SELECT name, age FROM people WHERE name IN (?,?)"    # two names

When using placeholders with the SQL "LIKE" qualifier, you must remember that the placeholder substitutes for the whole string. So you should use "... LIKE ? ..." and include any wildcard characters in the value that you bind to the placeholder.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.
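The rules quoted above, exercised end to end. This is an added example, not code from the post or from the DBI documentation; it assumes DBD::SQLite is installed and uses an in-memory database with constructed rows. It shows why a bound value cannot inject SQL, how wildcards belong in the bind value for LIKE (and how to escape them when the user's text must match literally), how an IN list gets one "?" per value, and how to handle a column name, which can never be a placeholder, with an allowlist and quote_identifier instead.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumes DBD::SQLite is installed. An in-memory database keeps the run
# self-contained; the rows below are constructed for the example.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE products (product_code TEXT, description TEXT)');

# Prepare once, execute per row: the statement text never changes, so the
# driver does not re-parse it and the values are never part of the SQL.
my $ins = $dbh->prepare(
    'INSERT INTO products (product_code, description) VALUES (?, ?)');
$ins->execute(@$_) for (
    [ 'WID-1', 'Widget, blue'          ],
    [ 'WID-2', 'Widget, red'           ],
    [ 'GAD-7', "Gadget 100% 'genuine'" ],  # quote and wildcard on purpose
);

# Small helper: first column of every row a statement returned.
sub first_column { return map { $_->[0] } @{ $_[0]->fetchall_arrayref } }

# 1. A bound value is data, however hostile it looks. The interpolated
#    version is the classic injection and is here only for contrast.
my $hostile = "x' OR '1'='1";
my ($n_bound) = $dbh->selectrow_array(
    'SELECT COUNT(*) FROM products WHERE product_code = ?', undef, $hostile);
my ($n_interp) = $dbh->selectrow_array(
    "SELECT COUNT(*) FROM products WHERE product_code = '$hostile'");
printf "bound: %d row(s), interpolated: %d row(s)\n", $n_bound, $n_interp;

# 2. The placeholder stands for the whole LIKE pattern, so wildcards go in
#    the bind value, not in the SQL text.
my $like = $dbh->prepare(
    'SELECT product_code FROM products WHERE description LIKE ? ORDER BY 1');
$like->execute('Widget%');
print "prefix match: ", join(' ', first_column($like)), "\n";

#    When user text must match literally, escape its % and _ and tell the
#    database which escape character you used.
(my $needle = q{100% 'genuine'}) =~ s/([%_\\])/\\$1/g;
my $esc = $dbh->prepare(
    q{SELECT product_code FROM products WHERE description LIKE ? ESCAPE '\'});
$esc->execute("%$needle%");
print "literal match: ", join(' ', first_column($esc)), "\n";

# 3. One placeholder binds one scalar, so an IN list needs one "?" per
#    value. $marks is built from a count, not from user data, so
#    interpolating it into the SQL is safe.
my @wanted = ('WID-2', 'GAD-7', 'NOPE');
my $marks  = join ',', ('?') x @wanted;
my $in = $dbh->prepare(
    "SELECT product_code FROM products WHERE product_code IN ($marks) ORDER BY 1");
$in->execute(@wanted);
print "in list: ", join(' ', first_column($in)), "\n";

# 4. Table and column names cannot be placeholders. Check them against an
#    allowlist and quote them as identifiers; never interpolate raw input.
my %allowed = map { $_ => 1 } qw(product_code description);
sub count_distinct {
    my ($col) = @_;
    die "refusing column '$col'\n" unless $allowed{$col};
    my $sql = 'SELECT COUNT(DISTINCT ' . $dbh->quote_identifier($col)
            . ') FROM products';
    return ($dbh->selectrow_array($sql))[0];
}
print "distinct descriptions: ", count_distinct('description'), "\n";
eval { count_distinct(q{description) FROM products; --}) }
    or print "rejected: $@";

$dbh->disconnect;
```

Run it and the first line makes the point of the whole thread: the bound query finds no product with that code, while the interpolated one returns every row because `'1'='1'` became part of the statement. The ESCAPE clause in step 2 matters whenever user text is wrapped in a LIKE pattern; without it a user can type `%` and match everything, which is harmless here but is a data-exposure problem against a table of other users' records.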


In reply to Re: Re: Re: Re: Re: Back to acceptable untainted characters by merlyn
in thread Back to acceptable untainted characters by bradcathey
