in reply to Explanation of Code Problem

Hi,

You may want to read the DBI documentation about prepared statements. A prepared statement is one where, instead of actually putting values in the SQL, placeholders (?) are used instead. Then the statement can be reused a bunch of times with different data sets. Prepared statements have a number of advantages with regards to security, performance, and reusability, all of which are discussed in the DBI documentation.

Here is an example:

    # $dbh is an already-connected DBI database handle
    my $sql = "select colnm from tblnm where colmn in (?,?,?)";
    my $st = $dbh->prepare($sql);

    # Select where colmn in (1, 2, 3)
    $st->execute(1, 2, 3);
    ....
    # Select where colmn in (4, 5, 6)
    $st->execute(4, 5, 6);

And so on. In general, the SQL will not contain the values. The values (@array) are passed in during each execution.

Hope this helps.

Ted Young

($$<<$$=>$$<=>$$<=$$>>$$) always returns 1. :-)

Re^2: Explanation of Code Problem
by ikegami (Patriarch) on Jan 04, 2005 at 16:16 UTC

    Using placeholders (the question marks) has two advantages I can see:

    1) You can reuse the same prepared statement more than once (by binding different values), saving execution time.

    2) You don't have to validate (in the case of numerical args) or escape (in the case of string args) the arguments, as you would have to do if you were including them directly into the SQL statement.

Re^2: Explanation of Code Problem
by Anonymous Monk on Jan 04, 2005 at 16:24 UTC
    So you're saying that the "?s" that I am seeing when I print the value of $sql just mean how many values are in the @array, and that the actual values, like you mentioned, are being passed literally through each execution based on the number of elements of the @array?
    Does that sound like what you're trying to say?
      Yep

      Ted Young

      ($$<<$$=>$$<=>$$<=$$>>$$) always returns 1. :-)
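Added example (not Ted's code, and not from the DBI docs) showing the point of both posts above: the number of ?s is generated from the size of @array, and the elements of @array are bound at execute time rather than pasted into the SQL. It assumes DBD::SQLite is installed so an in-memory table with constructed rows can be used; the table and column names are the ones from Ted's snippet.

```perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database (assumes DBD::SQLite) with constructed sample rows.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "", { RaiseError => 1 });
$dbh->do("create table tblnm (colmn integer, colnm text)");
$dbh->do("insert into tblnm values (?, ?)", undef, $_, "row$_") for 1 .. 6;

# One ? per element of @array; the values themselves never touch the SQL text.
sub select_in {
    my ($dbh, @array) = @_;
    return [] unless @array;                      # "in ()" is a syntax error, so skip
    my $placeholders = join ',', ('?') x @array;  # e.g. "?,?,?" for three values
    my $st = $dbh->prepare("select colnm from tblnm where colmn in ($placeholders)");
    $st->execute(@array);                         # binds 1, 2, 3 (or whatever was passed)
    return [ map { $_->[0] } @{ $st->fetchall_arrayref } ];
}

# Same prepared shape, different data sets.
print join(',', @{ select_in($dbh, 1, 2, 3) }), "\n";
print join(',', @{ select_in($dbh, 4, 5, 6) }), "\n";

# A string with SQL syntax in it is bound as data and compared as a value, so it
# matches no row; no escaping or validation by the caller is needed.
print scalar(@{ select_in($dbh, "2 or 1=1") }), " rows\n";
```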