What about creating a statement handle on the statement using prepare? Couldn't you check DBI::errstr on a prepare to determine if the statement was valid?

Maybe something like this simple example ...

#!/usr/local/bin/perl
use warnings;
use strict;
use DBI;
require '/up/web/standard.pl';

my $dbh = db_connect_local(); # my home-grown connection routine
my $statement = 'select blah from my_table'; # blah is not a valid col
+umn on that table.

my $sth = $dbh->prepare($statement);
unless ($sth) { 
  print "Error: $DBI::errstr\n";
}
[download]

Update: It seems this does not work for MySQL, but it does work under DBD::Oracle. Thanks to erix and tye for pointing that out.

But you can teach it about DBMS specific data types, functions, and operators with the CREATE and DROP commands for types, functions and operators. For example if your DBMS doesn't support BLOB as a data type, issuing $dbh->do("DROP TYPE blob") before you begin will cause it to reject the word BLOB when used as a data type. "CREATE TYPE foo" will do the reverse - accept "foo" as a data type. The same works with functions and some operators (e.g. SLIKE or RLIKE).

The other thing you can do is use S::S as a first pass validator - in other words, you could use it to filter out all of the statements it recognizes as valid and then the ones that are left over you'd need to deal with some other way.

How about just adding a '0 = 1' condition to the statement?

I'd prefer to build the sql from separate parts (column-list, table list, join-list, condition-list, with only columns and conditions user-defined), but that would obviously be quite another approach, and more work.

That is the approach that I was using, until someone pointed out that at least with some versions/database types of MySQL, that fails precisely because of the transaction issue. That was one motivator for my question; the other was that some of the statements can be significant resource hogs, so it would be better to hold off executing them until they're actually needed.