[ABE.pm] Re: array references?
Faber Fedor
faber at linuxnj.com
Mon Oct 4 19:05:56 CDT 2004
On 02/10/04 16:17 -0400, Ricardo SIGNES wrote:
> * Faber Fedor <faber at linuxnj.com> [2004-10-01T18:05:11]
> > I hacked this together from something I read on usenet:
> >
> > my $data_array = $dbh->selectall_arrayref("select id, weight from
> > $table where realdate = '" . $fulldate ."'");
>
> I'm not sure about the use of $table, but at least consider
$table is a variable that get's set, just like $fulldate.
>
> $dbh->selectall_arrayref(
> "SELECT id, weight FROM table WHERE realdate = ?",
> undef,
> $fulldate
> );
>
> This will use proper quoting to get the date in, and avoid SQL injection
> attacks.
This will put quotes around the date, e.g. the SQL will read like this:
SELECT id, weight FROM table WHERE realdate = '1993-01-31'
:-?
> $sum += @{$_->[1]} for @$data_array;
Now what's the difference between yours and Phils, other than you have
more squigglies in yours?
> open my $output, '>', $outfile;
>
> This creates a lexical filehandle-reference, which will autoclose when
> it goes out of scope.
That's cute.
--
Regards,
Faber
Linux New Jersey: Open Source Solutions for New Jersey
http://www.linuxnj.com
More information about the ABE-pm
mailing list