in reply to Re^4: regexp question
in thread regexp question

Yes, but it's not the "prepared" part that's important here, it's the placeholders ("?"). See the do above, for example.

Re^6: regexp question
by Nodonomy (Novice) on Jan 29, 2011 at 20:15 UTC
    Understood.

      I want to thank Perl Monks for the advice given in this thread. Until now, I was completely unaware of "Prepared Statements" in Java (and "placeholders" in Perl), and now I have a little advice to give others:

      For any developer that has text from any source that will be stored in a relational database (and this includes fields such as 'name' and 'address'), use placeholders to enter the data. This removes any concern whatsoever with respect to Unicode and characters that may cause havoc (e.g., single quotes, ampersands, and the like).

      Because this isn't my first experience with such disruptive characters, I do know trying to cover all the possibilities is maddening and time-consuming, and really for no reason in the case of RDBMS.

      So thanks again to Ikegami and Anonymous Monk.

        Why do you insist on equating prepared statements and placeholders? You even went to the trouble of highlighting the error?!

        Both Perl and Java have prepared statements and placeholders.

                                                Placeholder v
        my $sql = "INSERT INTO my_table (col_string) VALUES(?)";
        my $sth = $dbh->prepare($sql);
           ^ Prepared statement

                                                   Placeholder v
        String sql = "INSERT INTO my_table (col_string) VALUES(?)";
        PreparedStatement pstmt = connection.prepareStatement(sql);
                          ^ Prepared statement
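
The distinction drawn in this thread, shown as an added example that is not part of the original posts: a prepared statement with an interpolated value still breaks on a single quote, while a placeholder works with or without an explicit prepare. It assumes DBD::SQLite is installed; the table and column names follow the snippet above, and the sample values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database keeps this offline.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do("CREATE TABLE my_table (col_string TEXT)");

# Constructed sample inputs with characters that trip up hand-built SQL.
my @inputs = ("O'Brien", "Smith & Sons", q{say "hi"}, "100% sure");

# 1. Prepared statement WITHOUT a placeholder: the value is interpolated into
#    the SQL text, so a single quote in the data ends the string literal early.
for my $value (@inputs) {
    my $ok = eval {
        my $sth = $dbh->prepare(
            "INSERT INTO my_table (col_string) VALUES('$value')");
        $sth->execute;
        1;
    };
    my $status = $ok ? "stored" : "failed: " . (split /\n/, $@)[0];
    printf "prepare + interpolation  %-14s %s\n", $value, $status;
}
$dbh->do("DELETE FROM my_table");

# 2. Placeholder WITHOUT an explicit prepare: do() accepts bind values directly.
$dbh->do("INSERT INTO my_table (col_string) VALUES(?)", undef, $_)
    for @inputs;

# 3. Placeholder WITH an explicit prepared statement, reused for every row.
my $sth = $dbh->prepare("INSERT INTO my_table (col_string) VALUES(?)");
$sth->execute($_) for @inputs;

# Both placeholder variants must return every value byte-for-byte unchanged.
my $stored = $dbh->selectcol_arrayref(
    "SELECT col_string FROM my_table ORDER BY rowid");
my @expected = (@inputs, @inputs);
my $same = @$stored == @expected
    && !grep { $stored->[$_] ne $expected[$_] } 0 .. $#expected;
print $same ? "placeholders: all values round-tripped unchanged\n"
            : "placeholders: MISMATCH\n";

$dbh->disconnect;
```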