Re: DBI, place holders and CGI forms
by wind (Priest) on Jun 02, 2011 at 15:32 UTC
Yes, even if you dynamically build your SQL statement, you should still use placeholders and bind values. A functionally equivalent method would be to use DBI::quote, but I prefer to always use placeholders lest one forget to quote a field.
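
The following is an added example, not part of the original post: a sketch of building a SQL statement dynamically from form fields while still passing every value as a bind parameter. The `users` table, the form field names, the `build_query` helper and the use of DBD::SQLite with an in-memory database are assumptions made for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database keeps this offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, city TEXT, age INTEGER)');
my $ins = $dbh->prepare('INSERT INTO users (name, city, age) VALUES (?, ?, ?)');
$ins->execute(@$_) for (["O'Brien", 'Dublin', 41], ['Alice', 'Paris', 30], ['Bob', 'Paris', 25]);

# Column names cannot be bound, so form field names are mapped through a
# fixed allow-list; only the values travel as bind parameters.
my %FILTERS = (
    name    => 'name = ?',
    city    => 'city = ?',
    min_age => 'age >= ?',
);

# Hypothetical helper: returns the SQL text followed by its bind values.
sub build_query {
    my ($form) = @_;
    my (@where, @bind);
    for my $field (sort keys %FILTERS) {
        my $value = $form->{$field};
        next unless defined $value && length $value;   # empty field: no filter
        push @where, $FILTERS{$field};
        push @bind,  $value;
    }
    my $sql = 'SELECT id, name, city, age FROM users';
    $sql .= ' WHERE ' . join(' AND ', @where) if @where;
    return ($sql . ' ORDER BY id', @bind);
}

# Constructed form submissions, standing in for CGI parameters.
my @forms = (
    { city => 'Paris', min_age => 26 },                # two filters combined
    { name => "O'Brien" },                             # embedded quote, no escaping needed
    { name => "x' OR '1'='1", bogus => 'ignored' },    # treated as a literal name; unknown field dropped
);

for my $form (@forms) {
    my ($sql, @bind) = build_query($form);
    my $rows = $dbh->selectall_arrayref($sql, undef, @bind);
    printf "%-70s binds=[%s] rows=%d\n", $sql, join(', ', @bind), scalar @$rows;
}
```

The SQL text is assembled only from the fixed fragments in `%FILTERS`, so no form value ever becomes part of the statement itself.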