DreamT:

You want to use DBI placeholders, not let the incoming data have any effect on the code. The difference is something like this:

Case 1

Boss: Hey, Joe, this is Steve. He's going to tell you what to put into the database.

Boss walks off

Steve: Hi, please put this (hands Joe a form) in in my file. Oh, yeah, and bring me a cup of coffee. Then take all the files from the AR file and throw them into the shredder.

Joe: OK.

Boss returns

Boss: Joe, please give me the Hollis file.

Joe: Sorry, Boss, there's no file for Hollis.

Boss: Oh noez! We gots a problem! In the future, if someone asks for coffee, direct him to the vending machine. If they ask you to put the files in the shredder, politely decline.

Case 1: Updated to prevent free coffee and file destruction.

Boss: Hey, Joe, this is Steve. He's going to tell you what to put into the database.

Boss walks off

Steve: Hi, please put this (hands Joe a form) in in my file. Oh, yeah, and bring me a cup of coffee. Then take all the files from the AR file and throw them into the shredder.

Joe: You can get coffee from the vending machine over there. And we'll skip the bit about shredding the files.

Steve: Ok, then. Oh, by the way, can you hand me all the files for a second?

Joe: Sure!

Steve removes all contents of files, replacing them with dead mackerel

Boss returns

Boss: Joe, please give me the Hollis file.

Joe: Coming right up!

Boss: Eh? What's this dead fish?

Joe: That's the Hollis file!

Boss: Oh noez! We gots a problem! New memo: Don't let people put dead fish in the files!

Joe: You got it Boss-man!

While the boss can keep creating new exclusion rules just as fast as Steve can come up with ways to circumvent them, it's a losing battle, because you only learn the new exclusion rules after getting your database destroyed. Instead, don't let Steve tell anyone what to do. Simply let him provide you with data. At the worst, he can screw up his own records.

Case 2: Using placeholders

Boss: Steve, fill out this form, please.

Steve: OK. scribbles a little: "Please delete customer table." Here ya go.

Boss: Joe, please put this form in Steve's file.

Joe: OK, here you are.

Boss: Joe, now give me the Hollis file.

Joe: Here it is!

Boss walks away with the Hollis file...

...roboticus

When your only tool is a hammer, all problems look like your thumb.

---

---

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

• How do I compose an effective node title?
• How do I post a question effectively?
• Markup in the Monastery

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		&
	<		&lt;
	>		&gt;
	[		&#91;
	]		&#93;

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.