Re^4: DBI variable argument count

OK....

I didn't know they were called placeholders until I came to this site. When I google searched for "mysql select placeholders", I discovered this:

http://stackoverflow.com/questions/8054421/mysql-perl-placeholder-rules

Says: "With most drivers, placeholders can't be used for any element of a statement that would prevent the database server from validating the statement and creating a query execution plan for it."

So now I guess I need to sanitize the user input for the select statement so there is less risk of attack on that front and simply execute() with no arguments.

Comment on Re^4: DBI variable argument count

Replies are listed 'Best First'.
Re^5: DBI variable argument count by CountZero (Bishop) on Sep 15, 2012 at 17:32 UTC
There is no problem using placeholders as arguments in the "WHERE" part of your SQL. CountZero A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James My blog: Imperial Deltronics	[reply]

Replies are listed 'Best First'.

Re^5: DBI variable argument count
by CountZero (Bishop) on Sep 15, 2012 at 17:32 UTC

CountZero

A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

My blog: Imperial Deltronics

[reply]