[Phoenix-pm] PERL DBI

David A. Sinck phx-pm-list at grueslayer.com
Mon Mar 13 13:23:27 PST 2006



\_ SMTP quoth Scott Walters on 3/13/2006 17:30 as having spake thusly:
\_
\_ If you use placeholders, you never need to quote or escape data, 

HAHAHAHAHA.  Guess again.  There's an instance, at least with MySQL
dbd that it will occasionally guess wrong on quoting/no quoting and
you'll spend hours trying to track it down because it's never burned
you before.  I've been burned by it about three times now, although
only the first time hurt to the point of hours.

No, I don't have a small example.  Usually it comes up in something
like

my $href = $sth->fetchrow_hashref;

$other_sth->execute($$href{string_val_that_dbd_does_not_quote});


\_ and you don't suffer
\_ from SQL command length limitations, 

I bet I could craft something that hits a buffer still using
placeholders if I wanted.  :-)

\_ and the database doesn't have to parse potentially
\_ megs of data just to parse the SQL command, 

Depends on the driver.  MySQL dbd, last I checked, actually sub'd the
values in before it got passed to the engine.  YMMV.

David
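
Added example, not part of the original post: the fetch-then-execute pattern shown above, with each placeholder bound through DBI's bind_param and an explicit SQL type so the driver has no quoting decision to make. The table names, column names, the execute_typed helper and the use of an in-memory DBD::SQLite database (so it runs without a server) are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example: declare the SQL type of every bound value instead of
# leaving the quote/no-quote decision to the driver.
# Tables, columns and execute_typed() are constructed for illustration.
use strict;
use warnings;
use DBI qw(:sql_types);

# Assumption: DBD::SQLite is installed; an in-memory database keeps the
# example runnable without a server. For MySQL only the DSN changes.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });

$dbh->do('CREATE TABLE parts  (part_no TEXT, name TEXT)');
$dbh->do('CREATE TABLE orders (part_no TEXT, qty INTEGER)');
$dbh->do(q{INSERT INTO parts  VALUES ('00123', 'widget')});
$dbh->do(q{INSERT INTO orders VALUES ('00123', 4)});

# Same shape as the post: a value read from one handle feeds another.
my $sth = $dbh->prepare('SELECT part_no FROM parts WHERE name = ?');
$sth->bind_param(1, 'widget', SQL_VARCHAR);
$sth->execute;
my $href = $sth->fetchrow_hashref;
$sth->finish;

# Bind each value with its declared type, then run the statement.
sub execute_typed {
    my ($handle, @binds) = @_;          # @binds: [value, sql_type], ...
    my $i = 0;
    $handle->bind_param(++$i, @$_) for @binds;
    return $handle->execute;
}

my $other_sth = $dbh->prepare('SELECT qty FROM orders WHERE part_no = ?');
execute_typed($other_sth, [ $href->{part_no}, SQL_VARCHAR ]);
my ($qty) = $other_sth->fetchrow_array;
$other_sth->finish;

# The string '00123' must match as a string, leading zeros included.
die "typed lookup failed\n" unless defined $qty && $qty == 4;
print "part $href->{part_no}: qty $qty\n";
```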

