Yes, placeholders make it safe to insert any sort of data, but they do not address issues like violating constraints on the table, inserting alphabetic data into columns that are supposed to have numerics, putting an unknown string into an "enum"-type field, etc.
The behavior may vary from one DBD to the next, but for some at least, I believe using placeholders will not cause any alteration of the field data being provided. It's simply a means of conveying values to the database engine without doing any SQL interpretation of the data. So "bad characters" are neither removed nor escaped -- they should be faithfully stored as-is in the database.
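As an added illustration of the two replies above (not code from this thread), the same behaviour shown with Python's sqlite3 module instead of Perl DBI, since the mechanism is the same: the placeholder hands the value to the engine untouched, and it is the table's constraints, not the placeholder, that reject an unknown enum-style value or alphabetic data in a numeric column. The schema, column names and sample values are constructed for the example.

```python
import sqlite3

# Constructed schema: an enum-like column enforced with CHECK, and a numeric
# column whose stored type is enforced with typeof(), so the database itself
# rejects bad values no matter how they were conveyed.
SCHEMA = """
CREATE TABLE orders (
    id     INTEGER PRIMARY KEY,
    status TEXT    NOT NULL CHECK (status IN ('new', 'shipped', 'done')),
    qty    INTEGER NOT NULL CHECK (typeof(qty) = 'integer'),
    note   TEXT
)
"""

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def insert_order(conn, status, qty, note):
    """Insert via placeholders; return the stored row, or the constraint error text."""
    try:
        conn.execute("INSERT INTO orders (status, qty, note) VALUES (?, ?, ?)",
                     (status, qty, note))
        conn.commit()
        return conn.execute(
            "SELECT status, qty, note FROM orders ORDER BY id DESC LIMIT 1").fetchone()
    except sqlite3.IntegrityError as exc:
        conn.rollback()
        return f"rejected: {exc}"

def demo():
    conn = make_db()
    results = {}
    # "Bad characters" are stored verbatim: the placeholder never lets them be
    # interpreted as SQL, and it neither strips nor escapes them.
    results["quote_stored_verbatim"] = insert_order(conn, "new", 3, "O'Brien; DROP TABLE orders; --")
    # Unknown enum-style value: the placeholder does not help, the CHECK does.
    results["bad_enum"] = insert_order(conn, "lost", 1, None)
    # Alphabetic data in a numeric column: again rejected by the constraint.
    results["alpha_in_numeric"] = insert_order(conn, "new", "abc", None)
    # The table still exists and holds exactly the one accepted row.
    results["row_count"] = conn.execute("SELECT count(*) FROM orders").fetchone()[0]
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```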
Yes, DBI quoting or placeholders make insertions safe enough, but you then need to arrange for DBI select results to be tainted and checked. Better IMO to check once to start with, though data with unknown future uses might force reconsideration of that.