[Melbourne-pm] Perl DBI reference recommendations
cas at taz.net.au
Thu Jul 16 23:51:01 PDT 2009
On Thu, Jul 16, 2009 at 03:38:51PM +0800, Sam Watkins wrote:
> I highly recommend using the "bind values" stuff with the ?s in the SQL
> and corresponding parameters to execute. DBI will quote and escape
> values for you correctly so you don't need to worry about SQL injection
> attacks, etc.
I would go way beyond 'highly recommending' them and simply refuse to
mention that there's any other way to pass variables to prepare & execute.
If someone wants to shoot themselves in the foot, they can do it without
craig sanders <cas at taz.net.au>
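To make the bind-values point concrete, here is an added example that is not from the thread: a DBI script against an in-memory SQLite database (assumes DBD::SQLite is installed) showing that interpolating a value with an embedded quote breaks the statement, while a `?` placeholder passes the same value through as data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumes DBD::SQLite is installed; an in-memory database keeps the example self-contained.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)");

# Constructed input: an ordinary surname that happens to contain a single quote.
my $name = "O'Brien";

# Fragile way: interpolate the value straight into the SQL text. The embedded
# quote terminates the string literal early, so SQLite sees malformed SQL and dies.
eval {
    $dbh->do("INSERT INTO users (name) VALUES ('$name')");
};
print "interpolated INSERT failed: $@" if $@;

# Recommended way: a '?' placeholder in the SQL and the value passed to execute().
# DBI and the driver treat the bound value as data, so quoting and escaping are
# never the caller's problem, whatever characters the value contains.
my $ins = $dbh->prepare("INSERT INTO users (name) VALUES (?)");
$ins->execute($name);

# Same pattern for reads: the supplied value never becomes part of the SQL text.
my $sel = $dbh->prepare("SELECT id, name FROM users WHERE name = ?");
$sel->execute($name);
while (my ($id, $stored) = $sel->fetchrow_array) {
    print "row $id stored exactly: $stored\n";
}

# A prepared statement can be executed repeatedly with different bind values.
my @more = ("D'Angelo", "Smith");
$ins->execute($_) for @more;
my ($count) = $dbh->selectrow_array("SELECT COUNT(*) FROM users");
print "rows now: $count\n";

$dbh->disconnect;
```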