RE: How to store query results in an array?



On Thu, 2005-05-26 at 07:05, Ronald J Kimball wrote:
> Regardless of the method you use to construct the query, you should not
> quote the values by hand. This approach will fail if a value contains a
> single quote, and may make you vulnerable to SQL injection attacks.


Yes, thank you. A bad habit I should get out of.

> Instead, either call $dbh->quote() or use placeholders. For example:
>
> my @users = map $_->[0], @$aryRef;
> my $newSql = 'SELECT * FROM users WHERE username IN (' .
> join(', ', map $dbh->quote($_), @users) . ')';
>
> Ronald
>

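The three approaches discussed above, worked through as an added example (it is not code from the original thread or from either poster). It assumes DBD::SQLite is installed so the script can run against a throwaway in-memory database; the table, the user names and the hostile value are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Throwaway in-memory database (assumes DBD::SQLite is available).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do('CREATE TABLE users (username TEXT, is_admin INTEGER)');
my $ins = $dbh->prepare('INSERT INTO users (username, is_admin) VALUES (?, ?)');
$ins->execute(@$_) for (['alice', 0], ['bob', 0], ["O'Doul", 0], ['root', 1]);

# Constructed input: an ordinary name, one containing an apostrophe,
# and one crafted to break out of the string literal.
my @users = ('alice', "O'Doul");
my $hostile = "x') OR is_admin = 1 --";

# 1. Hand quoting: wrap each value in '...' ourselves (the bad habit).
sub by_hand {
    my @names = @_;
    my $sql = 'SELECT username FROM users WHERE username IN ('
        . join(', ', map { "'$_'" } @names) . ')';
    return $dbh->selectcol_arrayref($sql);
}

# 2. $dbh->quote(): the driver escapes the value for this database's SQL dialect.
sub by_quote {
    my @names = @_;
    my $sql = 'SELECT username FROM users WHERE username IN ('
        . join(', ', map { $dbh->quote($_) } @names) . ')';
    return $dbh->selectcol_arrayref($sql);
}

# 3. Placeholders: one '?' per value; the values are bound at execute time
#    and never become part of the SQL text at all.
sub by_placeholders {
    my @names = @_;
    return [] unless @names;    # 'IN ()' is a syntax error on most databases
    my $sql = 'SELECT username FROM users WHERE username IN ('
        . join(', ', ('?') x @names) . ')';
    return $dbh->selectcol_arrayref($sql, {}, @names);
}

# The apostrophe terminates the literal early: ... IN ('O'Doul') is not valid SQL.
my $r = eval { by_hand("O'Doul") };
print "hand-quoted O'Doul: ", ($@ ? "FAILED: $@" : "@$r"), "\n";

# The hostile value closes the literal and appends its own condition;
# the trailing ') is hidden behind the '--' comment, so the query also
# returns every account with is_admin = 1.
$r = by_hand($hostile);
print "hand-quoted hostile value returned: @$r\n";

# quote() doubles the apostrophe ('O''Doul') and keeps the hostile value
# inside its literal, so it is merely a user name that does not exist.
$r = by_quote(@users, $hostile);
print "quoted: @$r\n";

# Placeholders give the same result without ever interpolating a value.
$r = by_placeholders(@users, $hostile);
print "placeholders: @$r\n";
```

Of the two safe forms, placeholders are the one to reach for: `$dbh->quote()` is only correct for the driver it came from and still leaves the value inside the SQL string, whereas bound values are handed to the database separately. The one wrinkle with an `IN (...)` list is that the number of placeholders has to match the number of values, which is why the example generates them with `('?') x @names` and refuses an empty list.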