in reply to DBI, place holders and CGI forms
Yes, even if you dynamically build your SQL statement, you should still use placeholders and bind values.
A functionally equivalent method would be to use DBI::quote, but I prefer to always use placeholders lest one forget to quote a field.
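
An added example, not part of the original post: a dynamically built WHERE clause that still binds every form value through a placeholder. The `users` table, its columns, the `build_query` helper and the use of an in-memory DBD::SQLite database are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Columns a form field may filter on. Placeholders bind values only, never
# identifiers, so column names come from this allowlist, not from user input.
my %ALLOWED = map { $_ => 1 } qw(name city status);

# Build the statement from submitted form fields (hypothetical helper).
# Returns the SQL text and the list of values to bind, in matching order.
sub build_query {
    my (%form) = @_;
    my (@where, @bind);
    for my $field (sort keys %form) {
        next unless $ALLOWED{$field};    # drop field names we do not know
        next unless defined $form{$field} && length $form{$field};
        push @where, "$field = ?";       # the value never enters the SQL text
        push @bind,  $form{$field};
    }
    my $sql = 'SELECT id, name, city FROM users';
    $sql .= ' WHERE ' . join(' AND ', @where) if @where;
    return ($sql, @bind);
}

# Constructed demo data in an in-memory database (assumes DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE users
          (id INTEGER PRIMARY KEY, name TEXT, city TEXT, status TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (name, city, status) VALUES (?, ?, ?)');
$ins->execute(@$_) for ["O'Brien", 'Cork', 'active'], ['Alice', 'Oslo', 'active'];

# Constructed form input, shaped like the hash CGI->Vars returns: a value
# containing a quote, an empty field, and a field name outside the allowlist.
my %form = (name => "O'Brien", city => '', 'id; DROP TABLE users' => 'x');

my ($sql, @bind) = build_query(%form);
print "$sql\n";
print "bind: @bind\n";

# The driver receives the statement and the values separately.
my $rows = $dbh->selectall_arrayref($sql, undef, @bind);
print join(', ', @$_), "\n" for @$rows;
```

The quote in `O'Brien` needs no escaping because it travels as a bound value, and the unexpected field name is discarded before any SQL is assembled.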