I want to have a double-quoted string like this, where $dbh is a DBI database handle and $userinput is (potentially hostile) user input:
"select * from foo where bar = $dbh->quote($userinput)"
It doesn't work. That quote method isn't called. Instead, the $dbh object itself is converted to a string.
This works like I want:
"select foo from bar where baz = ${ \$dbh->quote($userinput) }"
But that is an ugly hack, referencing and dereferencing just to trick Perl's string parser into doing what I want.
Any better ideas? I know I can do "blah".$whatever."blah" but that's even harder for my eyes to parse.
Originally posted as a Categorized Question.
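The behaviour described in the question, as an added example that is not part of the original post: it shows the plain interpolation failing, the reference/dereference form next to two equivalent spellings, and a bound placeholder that keeps the value out of the SQL text altogether. It assumes DBD::SQLite is installed; the in-memory table, its rows and the hostile input are constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available. Table and rows are constructed sample data.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE foo (bar TEXT)');
$dbh->do('INSERT INTO foo (bar) VALUES (?)', undef, $_) for 'alice', 'bob';

# Constructed hostile input that tries to close the string literal early.
my $userinput = "alice' OR '1'='1";

# 1. Plain interpolation: only $dbh and $userinput are interpolated, so the
#    handle is stringified and "->quote(" stays literal text. Not valid SQL.
my $broken = "select * from foo where bar = $dbh->quote($userinput)";
print "broken:  $broken\n";

# 2. The form from the post, plus the anonymous-array variant of the same trick.
my $scalar_ref = "select * from foo where bar = ${ \$dbh->quote($userinput) }";
my $array_ref  = "select * from foo where bar = @{[ $dbh->quote($userinput) ]}";

# 3. sprintf: the method call happens outside the string, no parser tricks.
my $formatted = sprintf 'select * from foo where bar = %s',
    $dbh->quote($userinput);
print "quoted:  $formatted\n";

# All three spellings must produce the same SQL text.
die "quoting forms disagree\n"
    unless $scalar_ref eq $array_ref && $array_ref eq $formatted;

# 4. Placeholder: the driver binds the value, so nothing is interpolated.
my $sql = 'select * from foo where bar = ?';
my $via_quote = $dbh->selectall_arrayref($formatted);
my $via_bind  = $dbh->selectall_arrayref($sql, undef, $userinput);
my $benign    = $dbh->selectall_arrayref($sql, undef, 'alice');

# The hostile value is compared as one literal string, so it matches no row.
printf "hostile via quote(): %d row(s)\n", scalar @$via_quote;
printf "hostile via bind:    %d row(s)\n", scalar @$via_bind;
printf "benign via bind:     %d row(s)\n", scalar @$benign;

$dbh->disconnect;
```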