Well, as Abigail mentioned, if you use stored procs you can limit the amount of database-specific code to something very small.
At eCircles (unfortunately dead now) we had a web site with around 80k lines of Perl code, of which 400 were database-specific (using Sybase::CTlib), and with table-driven definitions for each stored procedure (i.e. logical database request). And because we were using Sybase's RPC functionality to call the procs there was 0 risk of SQL injection as there was no SQL parsing involved anywhere in the execution path. DBD::Sybase is capable of using the RPC functionality as well.

Michael

In reply to Re: Re: Re: (z) Separation of SQL code by mpeppler
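
A sketch of the table-driven approach described in the post above, added here as an illustration and not taken from the post or from the eCircles code. The procedure names, parameter names, validation patterns and the placeholder-style `exec` string are assumptions; the point is that statement text comes only from the table while caller values travel separately as binds.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed table: one entry per logical database request.
# Procedure and parameter names are hypothetical.
my %PROCS = (
    get_user => {
        proc   => 'sp_get_user',
        params => [ [ '@user_id', qr/\A\d{1,10}\z/ ] ],
    },
    add_note => {
        proc   => 'sp_add_note',
        params => [ [ '@user_id', qr/\A\d{1,10}\z/ ],
                    [ '@body',    qr/\A.{1,255}\z/s ] ],
    },
);

# Turn a logical request plus caller arguments into a call description:
# statement text built only from table entries, values kept separate as binds.
sub build_call {
    my ($request, %args) = @_;
    my $def = $PROCS{$request} or die "unknown request '$request'\n";
    my (@slots, @binds);
    for my $p (@{ $def->{params} }) {
        my ($name, $pattern) = @$p;
        (my $key = $name) =~ s/\A\@//;
        die "missing parameter $key\n" unless defined $args{$key};
        my $value = delete $args{$key};
        die "bad value for $key\n" unless $value =~ $pattern;
        push @slots, "$name = ?";
        push @binds, $value;
    }
    die "unexpected parameter(s): @{[ sort keys %args ]}\n" if %args;
    return { sql => "exec $def->{proc} " . join(', ', @slots), binds => \@binds };
}

# Constructed inputs, including hostile-looking values and an unknown request.
for my $case ( [ get_user => user_id => 42 ],
               [ add_note => user_id => 42, body => "x'; drop table users --" ],
               [ get_user => user_id => '42 or 1=1' ],
               [ drop_all => () ] ) {
    my ($request, @args) = @$case;
    my $call = eval { build_call($request, @args) };
    if ($call) { print "$call->{sql}  binds=[@{ $call->{binds} }]\n" }
    else       { print "rejected $request: $@" }
}
```

The returned `sql` and `binds` are what would be handed to a DBI `prepare`/`execute` pair; no database connection is made here.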