RE: How to store query results in an array?
- From: rjk-dbi@xxxxxxxxxxx (Ronald J Kimball)
- Date: Thu, 26 May 2005 10:05:48 -0400
Jared Still [mailto:jkstill@xxxxxxxxxx] wrote:
> Here's a fun and slightly obfuscated method to do that:
>
> my $usql=q{select username from dba_users};
> my $aryRef = $dbh->selectall_arrayref($usql);
> my @users = map { $aryRef->[$_][0] } 0..$#{$aryRef};
> my $newSql = q{select from users where username in ('}
> . join(q{','},@users) . q{')};
>
> print "$newSql\n";

Regardless of the method you use to construct the query, you should not
quote the values by hand. This approach will fail if a value contains a
single quote, and may make you vulnerable to SQL injection attacks.

Instead, either call $dbh->quote() or use placeholders. For example:

my @users = map $_->[0], @$aryRef;
my $newSql = 'SELECT FROM users WHERE username IN (' .
  join(', ', map $dbh->quote($_), @users) . ')';

Ronald
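
The placeholder alternative mentioned in the reply above, shown as an added example that is not part of the original message. It assumes DBD::SQLite is installed and uses an in-memory database; the table contents, the column `note` and the helper `users_in` are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; the in-memory database stands in
# for the real one so the script runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed sample rows, including values that break hand-quoted SQL.
$dbh->do('CREATE TABLE users (username TEXT PRIMARY KEY, note TEXT)');
my @sample = ('SCOTT', "O'BRIEN", "x') OR ('1'='1");
my $ins = $dbh->prepare('INSERT INTO users (username, note) VALUES (?, ?)');
$ins->execute($_, 'constructed row') for @sample, 'SYSTEM';

# Hypothetical helper: fetch rows whose username is in @$names, with one
# placeholder per value so no value is ever spliced into the SQL text.
sub users_in {
    my ($dbh, $names) = @_;
    return [] unless @$names;    # "IN ()" is a syntax error; handle the empty list
    my $marks = join ', ', ('?') x @$names;
    my $sql   = "SELECT username, note FROM users WHERE username IN ($marks)";
    return $dbh->selectall_arrayref($sql, undef, @$names);
}

# Both awkward values are matched as plain data: only their own rows come back.
my $rows = users_in($dbh, [ "O'BRIEN", "x') OR ('1'='1" ]);
printf "%d row(s) matched\n", scalar @$rows;
print "  username: $_->[0]\n" for @$rows;

# For comparison, what $dbh->quote() produces for the same values when the
# SQL has to be built as a string.
print 'quoted: ', join(', ', map { $dbh->quote($_) } "O'BRIEN", 'SCOTT'), "\n";

$dbh->disconnect;
```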