There's more than one way to do things | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Honourable Monks,
For security reasons I'm trying to convince colleagues to start using placeholders in SQL prepared statements instead of using variable interpolation ( I don't want to discuss this further) Now I'm getting the requirement to be able to show and log the resulting SQL statement of an ->execute() . The motivation is to facilitate a cut&paste into an SQL GUI in case of problems. There are multiple workarounds I could think of to mimic the process of ->bind_param() , but is there a proper way to use DBI.pm to get the analogous query after ->execute() ? for instance this
showing
in case of problems? I'm aware that MySql doesn't compose the query with placeholders by concatenating strings, it's rather something like:
which is still a acceptable for debugging (and easily constructable as a workaround). So my question is: Does DBI.pm show any resulting SQL-code from ->bind_param() or do I need to reconstruct the last code by myself after an error occurred?
Cheers Rolf
In reply to DBI.pm: composing and debugging MySql placeholders by LanX
|
|