Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

Re: SQL Placeholders - clarification

by haukex (Bishop)
on Feb 28, 2021 at 13:26 UTC ( #11128906=note: print w/replies, xml ) Need Help??

in reply to SQL Placeholders - clarification

As the others have said, yes, don't interpolate any of those variables into the SQL. If you find you want to use placeholders in places where they are not supported, like say table names (which is pretty uncommon anyway!), then you may want to look at SQL::Abstract.

use SQL::Abstract; my $sql = SQL::Abstract->new; my $table = 'Web_Page'; my ($stmt, @bind) = $sql->insert($table, { template => $request, test => $test, source => $data{source}, Visitor_idVisitor => $cookie{_ls_visit} }); my $sth = $dbh->prepare($stmt); $sth->execute(@bind);

Replies are listed 'Best First'.
Re^2: SQL Placeholders - clarification
by Bod (Chaplain) on Feb 28, 2021 at 15:02 UTC

    I don't think I have ever found it necessary to dynamically select table names. Field names I do sometimes - usually to put a telephone number in a mobile or landline field depending on the format.

    Thanks for drawing my attention to SQL::Abstract. Nice to know it is there but I cannot see me needing to use it anytime soon.

      "Nice to know it is there but I cannot see me needing to use it anytime soon."

      Indeed, it's a great tool to be aware of and keep the concept of tucked away until you need it, most of the time I don't have call for it, but am grateful it's there when I do :)

        FWIW I use SQL::Abstract::More for almost every SQL statement I build. I'm better at Perl :-P

        The way forward always starts with a minimal test.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://11128906]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (3)
As of 2021-04-13 05:15 GMT
Find Nodes?
    Voting Booth?

    No recent polls found