Slightly off topic... but since you mentioned it: PLEASE don't actually put literal values into your sql by string interpolation: $sql = "... thing_id = $thing_id ...";. Do it with placeholders and bind values. This can be more and less of a performance issue with different types of databases, but it is always a security issue.
In some databases, I could specify a $thing_id of "5; drop table thing", and you'd be hating life. On databases where that sort of thing can't be made to work (like Oracle, for example), I could still plant a denial of service attack by saying that $thing_id was

"(select min(thing1.thing_id)
  from
    thing thing1,
    thing thing2,
    thing thing3,
    thing thing4,
    thing thing5,
    thing thing6,
    thing thing7,
    thing thing8,
    thing thing9,
    thing thing10
  --look! no 'where' clause, this is a 10-way cartesian product of thing!
)"

You can come back in a month when your database finishes processing that query.
------------
:Wq
Not an editor command: Wq
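
The difference between interpolation and bind values described in the post above, as an added example that is not part of the original post. It assumes DBD::SQLite is installed; the table columns, the sample rows and the sub names lookup_interpolated and lookup_bound are hypothetical, and the second input is a one-table reduction of the post's subquery.

```perl
use strict;
use warnings;
use DBI;

# Constructed sample data: in-memory SQLite table named after the post's "thing".
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE thing (thing_id INTEGER PRIMARY KEY, name TEXT)');
$dbh->do('INSERT INTO thing (thing_id, name) VALUES (?, ?)', undef, @$_)
    for [1, 'first'], [5, 'fifth'], [9, 'ninth'];

# Interpolated (hypothetical sub): the value becomes part of the SQL text,
# so whatever the caller supplies is parsed and executed as SQL.
sub lookup_interpolated {
    my ($thing_id) = @_;
    my $sql = "SELECT name FROM thing WHERE thing_id = $thing_id";
    return $dbh->selectcol_arrayref($sql);
}

# Placeholder (hypothetical sub): the SQL text is fixed at prepare time and
# the value is handed over separately as data when the statement executes.
sub lookup_bound {
    my ($thing_id) = @_;
    my $sth = $dbh->prepare('SELECT name FROM thing WHERE thing_id = ?');
    $sth->execute($thing_id);
    return [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];
}

# Constructed inputs: an ordinary id, then a one-table form of the post's subquery.
for my $input ('5', '(select min(thing1.thing_id) from thing thing1)') {
    printf "%-50s interpolated=[%s] bound=[%s]\n", $input,
        join(',', @{ lookup_interpolated($input) }),
        join(',', @{ lookup_bound($input) });
}
```

With the ordinary id both subs return the same row. With the subquery input, the interpolated version runs the subquery and returns whichever row it selects, while the bound version compares the whole string against thing_id as a value and returns nothing.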