[Purdue-pm] DBI Usage Question

Dave Jacoby jacoby at purdue.edu
Fri Feb 22 07:22:47 PST 2008

Assume a database table Test with a self-incrementing primary key field 
and two other fields, USERID and ABCD. You want to put user-input data
into USERID and ABCD. Assume this is the SQL string you want.

   INSERT INTO Test ( USERID , ABCD ) VALUES ( 'random' , 'text' ) ;

Randal Schwartz codes his example using this syntax:

   my $sth = $dbh->prepare(
     q{ INSERT INTO Test ( USERID , ABCD ) VALUES ( ? , ? ) }
     ) ;
   $sth->execute( $a , $b ) ;

I'd rather do it more like this:

   $a = $dbh->quote($a) ;
   $b = $dbh->quote($b) ;
   my $query = qq{INSERT INTO Test {USERID,ABCD} VALUES ($a,$b);};
   my $sth = $dbh->prepare($query) ;
   $sth->execute() ;

Because then I know that I've explicitly and clearly quoted the inputs.

I know TMTOWTDI. I like that TMTOWTDI. But I believe that some ways are 
better than others, and Randal Schwartz might know some of the better 
ways. Is there an overriding, understandable reason why my way is worse?

David Jacoby    jacoby at purdue.edu
   Purdue Genomics Facility
   S049, WSLR building
   Phone: hah!

More information about the Purdue-pm mailing list