Bod has asked for the wisdom of the Perl Monks concerning the following question:
Over on Re^6: Splitting the records into multiple worksheets, hippo pointed out the error of my ways and I have been going through some code that's being produced to implement placeholders. Can I please check that I am now on the right lines and doing things better...
I had this line of code...
All the variables are generated within the code except $data{'source'} which is derived from the HTTP query string and therefore potentially unsafe.$dbh->do("INSERT INTO Web_Page SET template = '$request', test = '$tes +t', source = '$data{'source'}', Visitor_idVisitor = $cookie{'_ls_visi +t'}") unless $$vars{'testpage'};
I have replaced that line of code with this...
Is that the best approach or should I be using placeholders for every variable, even those I have declared and therefore know are safe?unless ($vars->{'testpage'}) { my $query = $dbh->prepare("INSERT INTO Web_Page SET template = '$r +equest', test = '$test', source = ?, Visitor_idVisitor = $cookie{'_ls +_visit'}"); $query->execute($data{'source'}); }
Back to
Seekers of Perl Wisdom