Philip Mak wrote:
> ...
> If I had to write it again, I would do something like this instead:
>
>     my %f = %{$Request->Form};
>     my %d = ();
>     for (keys %f) {
>         $d{$_} = $dbh->quote($f{$_});
>     }
>     $d{collection} = 'NULL' unless $f{collection};
>     $d{track} = 'NULL' unless $f{track};
>
> and then I can access all the form variables using %f, and the
> database quoted version of the form variables using %d.
>

This is a good tip on better coding practice... further, I would recommend that people not use $dbh->quote() at all, but rather make use of bind parameters like:

    my $form = $Request->Form();
    my $sth = $dbh->prepare("select * from sometable where column1 = ?");
    $sth->execute($form->{column1});
    # fetchrow_array returns a list, so fetch into an array
    my @row = $sth->fetchrow_array;

- or even simpler -

    my $form = $Request->Form();
    # prepare, execute and fetch the first row in one call
    my @row = $dbh->selectrow_array("select * from sometable where column1 = ?", undef, $form->{column1});

I know in Perl there are many ways, but using bind parameters lets you never have to use $dbh->quote (I have never had to use it), or default to NULL (since undef is NULL for bind params), with the added benefit for some databases that cache execution plans, like Oracle, that using bind parameters will let the SGA cache previously prepared statements better; without bind parameters, any kind of db statement plan cache would be flushed pretty quickly.

--Josh
_________________________________________________________________
Joshua Chamas                           Chamas Enterprises Inc.
NodeWorks Founder                       Huntington Beach, CA  USA
http://www.nodeworks.com                1-714-625-4051
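
The two points made in the reply above (undef binds as NULL, and one prepared statement is reused for every execution) can be seen end to end in the following added example, which is not code from either poster. It assumes DBD::SQLite is installed; the `songs` table, the `null_if_blank` helper and the sample form hashes are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database stands in for the real one (assumption).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do("create table songs (title text, collection text, track integer)");

# Constructed form submissions, shaped like the hash $Request->Form returns.
my @forms = (
    { title => "Blue Moon",        collection => "Standards", track => 3  },
    { title => "It's De-Lovely",   collection => "",          track => "" },
    { title => "Who's Sorry Now?", collection => "",          track => 7  },
);

# Hypothetical helper: blank form fields become undef, which DBI binds as NULL.
sub null_if_blank {
    my ($v) = @_;
    return (defined $v && length $v) ? $v : undef;
}

# Prepare once, execute many times: the SQL text never changes, so a
# statement or plan cache sees one statement regardless of the values.
my $ins = $dbh->prepare(
    "insert into songs (title, collection, track) values (?, ?, ?)");
for my $form (@forms) {
    $ins->execute(map { null_if_blank($form->{$_}) } qw(title collection track));
}

# Blank fields were stored as real NULLs, with no 'NULL' string defaulting.
my ($nulls) = $dbh->selectrow_array(
    "select count(*) from songs where collection is null");
print "rows with NULL collection: $nulls\n";

# Titles containing an apostrophe or a literal '?' are passed as data,
# so no $dbh->quote() call is needed on the way in or on lookup.
my $sel = $dbh->prepare("select title, track from songs where title = ?");
for my $form (@forms) {
    $sel->execute($form->{title});
    my ($title, $track) = $sel->fetchrow_array;
    $sel->finish;
    printf "%-18s track=%s\n", $title, defined $track ? $track : "NULL";
}
$dbh->disconnect;
```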