Bod has asked for the wisdom of the Perl Monks concerning the following question:
Over on Re^6: Splitting the records into multiple worksheets, hippo pointed out the error of my ways and I have been going through some code that's being produced to implement placeholders. Can I please check that I am now on the right lines and doing things better...
I had this line of code...
All the variables are generated within the code except $data{'source'} which is derived from the HTTP query string and therefore potentially unsafe.$dbh->do("INSERT INTO Web_Page SET template = '$request', test = '$tes +t', source = '$data{'source'}', Visitor_idVisitor = $cookie{'_ls_visi +t'}") unless $$vars{'testpage'};
I have replaced that line of code with this...
Is that the best approach or should I be using placeholders for every variable, even those I have declared and therefore know are safe?unless ($vars->{'testpage'}) { my $query = $dbh->prepare("INSERT INTO Web_Page SET template = '$r +equest', test = '$test', source = ?, Visitor_idVisitor = $cookie{'_ls +_visit'}"); $query->execute($data{'source'}); }
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: SQL Placeholders - clarification
by dave_the_m (Monsignor) on Feb 28, 2021 at 12:21 UTC | |
by LanX (Saint) on Feb 28, 2021 at 12:24 UTC | |
by dsheroh (Monsignor) on Mar 01, 2021 at 08:31 UTC | |
Re: SQL Placeholders - clarification
by Discipulus (Canon) on Feb 28, 2021 at 12:27 UTC | |
Re: SQL Placeholders - clarification
by haukex (Archbishop) on Feb 28, 2021 at 13:26 UTC | |
by Bod (Parson) on Feb 28, 2021 at 15:02 UTC | |
by marto (Cardinal) on Feb 28, 2021 at 16:51 UTC | |
by 1nickt (Canon) on Mar 01, 2021 at 14:00 UTC | |
Re: SQL Placeholders - clarification
by marto (Cardinal) on Feb 28, 2021 at 12:37 UTC | |
Re: SQL Placeholders - clarification
by dsheroh (Monsignor) on Mar 01, 2021 at 08:34 UTC | |
Re: SQL Placeholders - clarification
by Anonymous Monk on Feb 28, 2021 at 16:22 UTC |
Back to
Seekers of Perl Wisdom