in reply to Re^2: Can I tell if DBI's quote() was used?
in thread Can I tell if DBI's quote() was used?

I wonder if it could detect when it was about to be double quoted. This seems useful enough that I wonder if it already exists.

If you override overload stringification, you could log any call to "". I expect that would be more or less enough information. Keep in mind that you actually want to detect the strings that haven't been quote()ed, though :-)

Re^4: Can I tell if DBI's quote() was used?
by kyle (Abbot) on Apr 06, 2008 at 20:10 UTC

    Yes, for detecting things that are not quoted, I can insert a sanity check everywhere. So, if I have this:

    $dbh->do( "DELETE FROM user WHERE name = $name" );

    ...I can do this:

    ensure_quoted( $name );
    $dbh->do( "DELETE FROM user WHERE name = $name" );

    sub ensure_quoted {
        return if ref $_[0] ne '' && $_[0]->isa( 'Magic::DBI::Quote' );

        if ( $just_fix_it ) {
            # replace caller's variable
            $_[0] = $dbh->quote( $_[0] );
        }
        elsif ( $raise_the_red_flag ) {
            die "Oh noes! Unquoted string '$_[0]'";
        }
    }

    This is still considerable work, but at least I don't have to figure out where $name came from.
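
The idea discussed in this thread, sketched as an added example that is not code from either poster: a marker class with overloaded stringification, a constructor that refuses to quote twice, and a check that rejects plain strings. `Fake::DBH` is a hypothetical stand-in for a real DBI handle so the script runs without a database, and the internals of `Magic::DBI::Quote` are assumed here.

```perl
use strict;
use warnings;
use Scalar::Util qw(blessed refaddr);

# Hypothetical stand-in for a DBI handle; quote() doubles single quotes.
package Fake::DBH {
    sub new   { return bless {}, shift }
    sub quote { my ( $self, $s ) = @_; $s =~ s/'/''/g; return "'$s'" }
}

# Marker class: an instance means the value went through quote() exactly once.
package Magic::DBI::Quote {
    use overload '""' => sub { ${ $_[0] } }, fallback => 1;

    sub new {
        my ( $class, $dbh, $raw ) = @_;
        # Already wrapped: return it unchanged instead of quoting again.
        return $raw if Scalar::Util::blessed($raw) && $raw->isa($class);
        my $sql = $dbh->quote($raw);
        return bless \$sql, $class;
    }
}

my $dbh = Fake::DBH->new;

# Must run before interpolation: "$quoted" yields a plain string and
# the marker is gone once the value is part of the SQL text.
sub ensure_quoted {
    my ($value) = @_;
    return 1 if blessed($value) && $value->isa('Magic::DBI::Quote');
    die "Unquoted string '$value' reached SQL construction\n";
}

my $name   = "O'Brien";                                # constructed sample input
my $quoted = Magic::DBI::Quote->new( $dbh, $name );
my $again  = Magic::DBI::Quote->new( $dbh, $quoted );  # no second layer of quotes

ensure_quoted($quoted);
print "DELETE FROM user WHERE name = $quoted\n";
print "second wrap returned the same object\n"
    if refaddr($again) == refaddr($quoted);

# The raw string is rejected before it can be interpolated.
eval { ensure_quoted($name); 1 } or print "caught: $@";
```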