For placeholders, here's my take.
- Efficiency? I doubt that you'd ever spot a difference.
- Security? Yes, but it's not as simple as trivial SQL injection. In another message you wrote that "Quotes are escaped". I guess you are aware that different database engines allow different escaping mechanisms? That's why DBI offers the quote method to do the right thing for your particular database engine. You might, at some point in the future, fall in love with a different SQL engine. If you use placeholders, the engine's driver will use its correct quoting. Manually quoting every string with $dbh->quote works, too, but is cumbersome to review and more work if you add columns. Once you got into the habit of using placeholders, you and everyone reading your code can see that quoting has been taken care of.
- Because Perl culture says so? Well, every other programming language I've been using has the same recommendation: Use placeholders.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|