in reply to Avoiding SQL insecurities

You may also want to look into something like Class::DBI as a means of interfacing with your database. Class::DBI handles the SQL translation correctly without any interaction by you.

Even if you don't end up using the module it is a good piece of code to study to see how to work with a database from within Perl.

Replies are listed 'Best First'.
Re^2: Avoiding SQL insecurities
by eclark (Scribe) on Jul 16, 2004 at 01:38 UTC

    Always use placeholders. Examples below.

    $dbh->do('UPDATE table SET col = ? WHERE id = ?', {}, $value, $id);

my $sth = $dbh->prepare('SELECT foo, bar FROM table WHERE baz = ?');

$sth->execute($baz);

    [download]
[reply]
[d/l]

In Section Seekers of Perl Wisdom