Your skill will accomplish what the force of many cannot |
|
PerlMonks |
in reply to SQL Placeholders - clarification
As the others have said, yes, don't interpolate any of those variables into the SQL. If you find you want to use placeholders in places where they are not supported, like say table names (which is pretty uncommon anyway!), then you may want to look at SQL::Abstract.
use SQL::Abstract; my $sql = SQL::Abstract->new; my $table = 'Web_Page'; my ($stmt, @bind) = $sql->insert($table, { template => $request, test => $test, source => $data{source}, Visitor_idVisitor => $cookie{_ls_visit} }); my $sth = $dbh->prepare($stmt); $sth->execute(@bind);
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^2: SQL Placeholders - clarification
by Bod (Parson) on Feb 28, 2021 at 15:02 UTC | |
by marto (Cardinal) on Feb 28, 2021 at 16:51 UTC | |
by 1nickt (Canon) on Mar 01, 2021 at 14:00 UTC |