in reply to Placeholder Help!

All you need is to use prepared statements:

my $query = $dbh->prepare("select users from mytable where number = ? and serie = ?");
$query->execute(100,450);
while ( my $row = $query->fetchrow_hashref ) {
    print $row->{'users'};
}

I don't remember seeing an exec_select method in the DBI class (I might be wrong).

Re^2: Placeholder Help!
by chromatic (Archbishop) on Jun 07, 2010 at 20:55 UTC

    In this case, the use of placeholders is unnecessary. Values hard-coded in SQL--especially simple integers like this--have no security risks or negative performance implications. Interpolating variables into SQL strings is a security risk.

    With that said, if you have a SQL abstraction system, using placeholders is fine if it reduces duplicate or near-duplicate code, but that appears not to be a concern here.
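
The difference the thread turns on, hard-coded values versus variables interpolated into the SQL string, shown as an added example that is not code from either poster. It assumes DBD::SQLite is installed; the table layout follows the query above, and the rows and the `$untrusted` value are constructed sample data.

```perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database (assumption: DBD::SQLite is available).
# The rows below are constructed sample data.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do("create table mytable (users text, number integer, serie integer)");
my $ins = $dbh->prepare("insert into mytable (users, number, serie) values (?, ?, ?)");
$ins->execute(@$_) for ( ['alice', 100, 450], ['bob', 200, 450], ['carol', 300, 999] );

# Interpolated: the caller's values become part of the SQL text itself,
# so anything in them is parsed as SQL.
sub users_interpolated {
    my ($number, $serie) = @_;
    my $sql = "select users from mytable where serie = $serie and number = $number";
    return $dbh->selectcol_arrayref($sql);
}

# Placeholders: the SQL text is fixed and the values are bound as data.
sub users_bound {
    my ($number, $serie) = @_;
    my $sth = $dbh->prepare("select users from mytable where number = ? and serie = ?");
    $sth->execute($number, $serie);
    my @users;
    while ( my $row = $sth->fetchrow_hashref ) {
        push @users, $row->{'users'};
    }
    return \@users;
}

# Constructed value standing in for request input that was never validated.
my $untrusted = "100 or 1=1";

for my $case ( [ 'well-formed', 100 ], [ 'unvalidated', $untrusted ] ) {
    my ($label, $number) = @$case;
    printf "%-12s interpolated: [%s]  bound: [%s]\n", $label,
        join(',', @{ users_interpolated($number, 450) }),
        join(',', @{ users_bound($number, 450) });
}
```

With the well-formed value both functions return the same row. With the unvalidated value the interpolated query's WHERE clause is rewritten and matches every row, while the bound query compares the whole string against `number` and matches none.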