[Purdue-pm] DBI Usage Question
Dave Jacoby
jacoby at purdue.edu
Fri Feb 22 07:22:47 PST 2008
Assume a database table Test with a self-incrementing primary key field
and two other fields, USERID and ABCD. You want to put user-input data
into USERID and ABCD. Assume this is the SQL string you want.

    INSERT INTO Test ( USERID , ABCD ) VALUES ( 'random' , 'text' ) ;

http://www.stonehenge.com/merlyn/UnixReview/col58.html

Randal Schwartz codes his example using this syntax:

    my $sth = $dbh->prepare(
        q{ INSERT INTO Test ( USERID , ABCD ) VALUES ( ? , ? ) }
    ) ;
    $sth->execute( $a , $b ) ;

I'd rather do it more like this:
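
    # quote() escapes the value for this driver and wraps it in quotes
    $a = $dbh->quote($a) ;
    $b = $dbh->quote($b) ;
    # the column list takes parentheses in SQL
    my $query = qq{INSERT INTO Test (USERID,ABCD) VALUES ($a,$b);};
    my $sth = $dbh->prepare($query) ;
    $sth->execute() ;
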
Because then I know that I've explicitly and clearly quoted the inputs.
I know TMTOWTDI. I like that TMTOWTDI. But I believe that some ways are
better than others, and Randal Schwartz might know some of the better
ways. Is there an overriding, understandable reason why my way is worse?
--
David Jacoby jacoby at purdue.edu
Purdue Genomics Facility
S049, WSLR building
Phone: hah!
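
The two styles from the message above, run side by side, plus the case where one interpolated value misses its quote() call. This is an added example, not part of the original post or of Randal Schwartz's column; it assumes DBD::SQLite is installed, and the in-memory database and the sample rows are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; the in-memory database stands in for
# whatever server the original Test table lives on.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 } );
$dbh->do(q{ CREATE TABLE Test (
    ID INTEGER PRIMARY KEY AUTOINCREMENT, USERID TEXT, ABCD TEXT ) });

# Constructed sample input: ordinary values that happen to contain quotes.
my @rows = ( [ 'random', 'text' ], [ q{o'brien}, q{it's "quoted"} ] );

# Style 1: placeholders. Prepared once, values travel separately from the SQL.
my $ins = $dbh->prepare(q{ INSERT INTO Test ( USERID , ABCD ) VALUES ( ? , ? ) });
$ins->execute(@$_) for @rows;

# Style 2: quote() plus interpolation. A new SQL string is built per row.
for my $r (@rows) {
    my ( $u, $v ) = map { $dbh->quote($_) } @$r;
    $dbh->do(qq{INSERT INTO Test ( USERID , ABCD ) VALUES ( $u , $v )});
}

# Both styles store identical data: each sample row appears exactly twice.
my $stored = $dbh->selectall_arrayref(
    q{ SELECT USERID , ABCD , COUNT(*) FROM Test
       GROUP BY USERID , ABCD ORDER BY USERID });
printf "%-10s %-16s stored %d times\n", @$_ for @$stored;

# Failure mode of style 2: one interpolated value that missed quote().
# With RaiseError set, the malformed statement dies instead of inserting.
my ( $u, $v ) = ( $dbh->quote( $rows[1][0] ), $rows[1][1] );    # $v not quoted
my $ok = eval {
    $dbh->do(qq{INSERT INTO Test ( USERID , ABCD ) VALUES ( $u , '$v' )});
    1;
};
print $ok ? "unquoted insert went through\n" : "unquoted insert rejected: $@";

$dbh->disconnect;
```

With placeholders there is no per-value step to forget, and the statement handle is prepared once and reused for every row.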