in reply to Re: Can I tell if DBI's quote() was used?
in thread Can I tell if DBI's quote() was used?

I love this idea! The object it returns could (hopefully) track its own usage and dump that information for debugging. That is, use caller to provide a log:

  1. File and line where the object was created.
  2. File and line for each place it was stringified.

It could dump this on destruction or continuously during its lifetime. I wonder if it could detect when it was about to be double quoted. This seems useful enough that I wonder if it already exists.


Re^3: Can I tell if DBI's quote() was used?
by Joost (Canon) on Apr 06, 2008 at 19:52 UTC
    I wonder if it could detect when it was about to be double quoted. This seems useful enough that I wonder if it already exists.

    If you override overload stringification, you could log any call to "". I expect that would be more or less enough information. Keep in mind that you actually want to detect the strings that haven't been quote()ed, though :-)

      Yes, for detecting things that are not quoted, I can insert a sanity check everywhere. So, if I have this:

      $dbh->do( "DELETE FROM user WHERE name = $name" );

      ...I can do this:

      ensure_quoted( $name );
      $dbh->do( "DELETE FROM user WHERE name = $name" );

      sub ensure_quoted {
          return if ref $_[0] ne '' && $_[0]->isa( 'Magic::DBI::Quote' );
          if ( $just_fix_it ) {
              # replace caller's variable
              $_[0] = $dbh->quote( $_[0] );
          }
          elsif ( $raise_the_red_flag ) {
              die "Oh noes! Unquoted string '$_[0]'";
          }
      }

      This is still considerable work, but at least I don't have to figure out where $name came from.
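
The idea discussed in this thread, as an added sketch that is not code from any of the posters: a value object that overloads stringification, records via `caller` where it was created and where it was stringified, and dumps that log on destruction. `Magic::DBI::Quote` is the hypothetical class name from the post above, and `toy_quote` and `is_quoted` are constructed stand-ins (`toy_quote` replaces `$dbh->quote()` so the example runs without a database).

```perl
use strict;
use warnings;

package Magic::DBI::Quote;   # hypothetical class, name taken from the thread

use overload '""' => \&_stringify, fallback => 1;

# Wrap an already-quoted value; $depth picks the caller frame to record.
sub new {
    my ($class, $quoted, $depth) = @_;
    my (undef, $file, $line) = caller($depth // 0);
    return bless { value => $quoted, created => "$file:$line", used => [] }, $class;
}

# Runs on every stringification, including interpolation into SQL text.
sub _stringify {
    my ($self) = @_;
    my (undef, $file, $line) = caller;
    push @{ $self->{used} }, "$file:$line";
    return $self->{value};
}

# Dump the usage log when the object goes away.
sub DESTROY {
    my ($self) = @_;
    warn "quoted at $self->{created}; stringified at: @{ $self->{used} }\n";
}

package main;
use Scalar::Util qw(blessed);

sub is_quoted { my ($v) = @_; return blessed($v) && $v->isa('Magic::DBI::Quote') }

# Constructed stand-in for $dbh->quote(), not DBI's implementation.
sub toy_quote {
    my ($raw) = @_;
    return $raw if is_quoted($raw);          # already quoted: do not quote twice
    (my $escaped = $raw) =~ s/'/''/g;
    return Magic::DBI::Quote->new("'$escaped'", 1);
}

sub ensure_quoted { die "Unquoted string '$_[0]'\n" unless is_quoted($_[0]) }

my $name = toy_quote("O'Brien");
my $sql  = "DELETE FROM user WHERE name = $name";   # logged as a use
print "$sql\n";
ensure_quoted($name);                               # passes silently
eval { ensure_quoted("O'Brien") };                  # raw string is rejected
print "rejected: $@";
```

Once the object is interpolated, `$sql` is a plain string again, so the check only covers values that are still objects at the point where `ensure_quoted` runs.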