[Melbourne-pm] Perl DBI reference recommendations

Craig Sanders cas at taz.net.au
Thu Jul 16 23:51:01 PDT 2009


On Thu, Jul 16, 2009 at 03:38:51PM +0800, Sam Watkins wrote:
> I highly recommend using the "bind values" stuff with the ?s in the SQL
> and corresponding parameters to execute.  DBI will quote and escape
> values for you correctly so you don't need to worry about SQL injection
> attacks, etc.

I would go way beyond 'highly recommending' them and simply refuse to
mention that there's any other way to pass variables to prepare & execute.

If someone wants to shoot themselves in the foot, they can do it without
my help.

craig

-- 
craig sanders <cas at taz.net.au>
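The point both posters are making, shown as an added example rather than code from either of them: the same lookup written with string interpolation and with a ? placeholder, run against a throwaway in-memory SQLite database so it can be executed offline. It assumes DBI and DBD::SQLite are installed; the users table, its two rows and the attacker-style input are constructed here purely for the demonstration.

```perl
#!/usr/bin/env perl
# Added example, not from the mailing list thread. Assumes DBI and DBD::SQLite
# are installed; the table, rows and input below are constructed for the demo.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do('CREATE TABLE users (name TEXT, role TEXT)');
$dbh->do(q{INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user')});

# Attacker-controlled input (constructed). The embedded quote is the whole
# attack: it closes the string literal the interpolating code opened.
my $input = "nobody' OR '1'='1";

# Vulnerable: the value is spliced into the SQL text, so the quote in $name
# terminates the literal and "OR '1'='1" becomes part of the WHERE clause.
sub lookup_interpolated {
    my ($dbh, $name) = @_;
    my $sql = "SELECT name, role FROM users WHERE name = '$name'";
    return $dbh->selectall_arrayref($sql);
}

# Correct: ? is a placeholder. The value goes to execute() separately from
# the SQL text, so it is compared as one literal string and matches no row.
sub lookup_bound {
    my ($dbh, $name) = @_;
    my $sth = $dbh->prepare('SELECT name, role FROM users WHERE name = ?');
    $sth->execute($name);
    return $sth->fetchall_arrayref;
}

my $leaked = lookup_interpolated($dbh, $input);
printf "interpolated: %d row(s) returned for %s\n", scalar @$leaked, $input;

my $safe = lookup_bound($dbh, $input);
printf "bound:        %d row(s) returned for %s\n", scalar @$safe, $input;

# Caveat: placeholders only bind *values*. When the statement's structure
# must vary (a column or table name chosen at runtime), that part cannot be
# a ?; DBI's quote_identifier handles it, and the values still get bound.
my $col = 'name';
my $sth = $dbh->prepare('SELECT ' . $dbh->quote_identifier($col)
                        . ' FROM users WHERE role = ?');
$sth->execute('admin');
print "admins: ", join(', ', map { $_->[0] } @{ $sth->fetchall_arrayref }), "\n";
```

Running it shows the interpolated query handing back every user for an input that names nobody, while the bound query returns none. Note the limitation at the end: a ? can stand in for a value but never for a column, table or keyword, so any code that builds those from input still needs quote_identifier or an allow-list, and that is the one place the "only ever use placeholders" rule has to be supplemented rather than relaxed.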