PerlMonks
Re^8: Best practices for closing database connections?
by Polyglot (Chaplain) on Mar 17, 2022 at 15:11 UTC ( [id://11142183]=note )
I appreciate the explanation and advice. My foo, bar, and quux, per your example, will vary virtually every time. It's not a matter of only the WHERE clause changing. I'm operating on a variety of tables and requesting various columns from them. This is why placeholders seem impractical to my situation.

Essentially, I have a script in which I have created subroutines to collect each piece of information needed. To query the database, I call a subroutine. The subroutine creates the query statement, then passes it to a connectdb subroutine where that statement, after sanitizing, is sent to the database (query execution). The database returns are sent back to the calling subroutine where they are processed as needed based on the expected form of the results. (A subroutine querying for a single piece of data will parse it differently than one expecting multiple columns and rows that need to be returned in table format.)

In terms of security, I cannot help but think that my subroutine system, which provides the foo-bar structure of your example, does essentially the same thing, security-wise, as the placeholder setup. For example:

Feel free to clarify what I may still be missing.

Blessings,
~Polyglot~
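For the situation described in the post above, where the table and column list change on nearly every call, an added example (not part of the original post or thread): identifiers are checked against an allowlist and quoted with DBI's quote_identifier, while values are still passed through placeholders. The %ALLOWED schema, the build_select helper and the in-memory SQLite database (DBD::SQLite) are assumptions made for illustration.

```perl
use strict;
use warnings;
use DBI;

# Constructed schema: the only tables and columns a query may name.
my %ALLOWED = (
    users  => { id => 1, name => 1, email => 1 },
    orders => { id => 1, user_id => 1, total => 1 },
);

# Build "SELECT cols FROM table WHERE col = ? AND ..." from caller input.
# Identifiers must appear in %ALLOWED; values only ever become bind values.
sub build_select {
    my ($dbh, $table, $cols, $where) = @_;
    my $known = $ALLOWED{$table} or die "table not allowed: $table\n";
    for my $c (@$cols, keys %$where) {
        exists $known->{$c} or die "column not allowed: $table.$c\n";
    }
    my $sql = 'SELECT '
        . join(', ', map { $dbh->quote_identifier($_) } @$cols)
        . ' FROM ' . $dbh->quote_identifier($table);
    my @keys = sort keys %$where;
    if (@keys) {
        $sql .= ' WHERE '
            . join(' AND ', map { $dbh->quote_identifier($_) . ' = ?' } @keys);
    }
    return ($sql, map { $where->{$_} } @keys);
}

# Constructed demo data in an in-memory database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE users (id INTEGER, name TEXT, email TEXT)');
$dbh->do('INSERT INTO users VALUES (?, ?, ?)', undef, 1, "O'Brien", 'ob@example.test');

# Values containing quotes or SQL text stay plain data: no escaping step needed.
for my $name ("O'Brien", "x' OR '1'='1") {
    my ($sql, @bind) = build_select($dbh, 'users', [qw(id email)], { name => $name });
    my $rows = $dbh->selectall_arrayref($sql, { Slice => {} }, @bind);
    printf "%-14s -> %d row(s)  [%s]\n", $name, scalar @$rows, $sql;
}

# A column outside the allowlist is rejected before any SQL is built.
eval { build_select($dbh, 'users', ['password_hash'], {}) };
print "rejected: $@";
```

The query text changes per call, but it is assembled only from allowlisted identifiers, so the calling subroutines can keep their own result parsing unchanged.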