Not a real hidden secret, and mentioned on this site before: (however i use it, since it's save for my examle): the
x operator.
have a look at the following example:
my $sql = join(",", @allsearchterms);
my $sth = $dbh->prepare("select * from table where value in($sql)");
# You need to place qutes arount the sql-items, but you'll get the poi
+nt here...
$sth->execute();
As you know, this isn't safe (sql Piggybacking)
Now concider the next code example:
my $qm = join ',', ('?') x @allsearchterms;
my $sth = $dbh->prepare("select * from table where value in($qm)");
$sth->execute(@allsearchterms);
As you see, a neat feature of Perl :)
Update:
code adjusted as suggested by
Hue-Bond
"We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise." - Larry Wall.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.