Re: SQL Placeholders - clarification

As the others have said, yes, don't interpolate any of those variables into the SQL. If you find you want to use placeholders in places where they are not supported, like say table names (which is pretty uncommon anyway!), then you may want to look at SQL::Abstract.

use SQL::Abstract;
my $sql = SQL::Abstract->new;
my $table = 'Web_Page';
my ($stmt, @bind) = $sql->insert($table, { template => $request,
        test => $test, source => $data{source},
        Visitor_idVisitor => $cookie{_ls_visit} });
my $sth = $dbh->prepare($stmt);
$sth->execute(@bind);
[download]

Comment on Re: SQL Placeholders - clarification Download Code

Replies are listed 'Best First'.
Re^2: SQL Placeholders - clarification by Bod (Parson) on Feb 28, 2021 at 15:02 UTC
I don't think I have ever found it necessary to dynamically select table names. Field names I do sometimes - usually to put a telephone number in a mobile or landline field depending on the format. Thanks for drawing my attention to SQL::Abstract. Nice to know it is there but I cannot see me needing to use it anytime soon.	[reply]
Re^3: SQL Placeholders - clarification by marto (Cardinal) on Feb 28, 2021 at 16:51 UTC
"Nice to know it is there but I cannot see me needing to use it anytime soon." Indeed, it's a great tool to be aware of and keep the concept of tucked away until you need it, most of the time I don't have call for it, but am grateful it's there when I do :)	[reply]
Re^4: SQL Placeholders - clarification by 1nickt (Canon) on Mar 01, 2021 at 14:00 UTC
FWIW I use SQL::Abstract::More for almost every SQL statement I build. I'm better at Perl :-P The way forward always starts with a minimal test.	[reply]


go ahead... be a heretic
	PerlMonks