in reply to Re: Avoiding SQL insecurities
in thread Avoiding SQL insecurities

Always use placeholders. Examples below.

$dbh->do('UPDATE table SET col = ? WHERE id = ?', {}, $value, $id);

my $sth = $dbh->prepare('SELECT foo, bar FROM table WHERE baz = ?');
$sth->execute($baz);
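A fuller worked example of the same DBI placeholder idiom, added here and not part of the original reply. It assumes DBI and DBD::SQLite are installed and uses an in-memory SQLite database so it runs offline; the table, column names and sample values are constructed for the demonstration. It shows why interpolation breaks on ordinary data, how placeholders pass values as data rather than SQL, and the two cases placeholders do not cover (identifiers and variable-length IN lists).

```perl
#!/usr/bin/env perl
# Added example, not from the original post. Assumes DBI and DBD::SQLite;
# the in-memory database means nothing on disk is touched.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

# Constructed sample input containing a single quote, as a real name might.
my $name  = "O'Brien";
my $email = 'obrien@example.invalid';

# UNSAFE: interpolating the value into the SQL string. The quote in $name
# breaks the statement; any user-supplied value is parsed as SQL text.
eval {
    $dbh->do("INSERT INTO users (name, email) VALUES ('$name', '$email')");
};
print "interpolated insert failed: $@" if $@;

# SAFE: placeholders. The driver passes $name and $email as bound data,
# never as SQL, so the quote is stored literally and no escaping is needed.
$dbh->do('INSERT INTO users (name, email) VALUES (?, ?)', {}, $name, $email);

# A prepared statement reused for several lookups; each execute binds fresh values.
my $sth = $dbh->prepare('SELECT id, name, email FROM users WHERE name = ?');
for my $lookup ("O'Brien", 'nobody') {
    $sth->execute($lookup);
    my $row = $sth->fetchrow_hashref;
    printf "%-8s => %s\n", $lookup, $row ? "found id $row->{id}" : 'no match';
}
$sth->finish;

# Placeholders cannot stand in for identifiers (table or column names) or
# for a list of unknown length. Generate one ? per value for IN (...)
# and bind the values; identifiers must come from a fixed whitelist instead.
my @ids = (1, 2, 3);
my $in  = join ',', ('?') x @ids;
my $count = $dbh->selectrow_array(
    "SELECT COUNT(*) FROM users WHERE id IN ($in)", {}, @ids);
print "rows with id in (@ids): $count\n";

$dbh->disconnect;
```

Run it with `perl placeholders.pl`: the interpolated insert dies with a syntax error from the apostrophe, the placeholder insert succeeds, the lookup for O'Brien finds the row, and the IN query reports one matching id. The `('?') x @ids` trick is the usual way to keep a variable-length list bound rather than interpolated.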