On Wed, Aug 26, 2009 at 06:20, Raheel Hassan<raheel.has...@gmail.com> wrote:
> In CPAN documentation of DBI, I have problems in understanding the use, I
> read the given text many times but it is not explained in detail, can any
> one suggest me some other sites where I can get details and clear
> explanation of the under given functions. Also are there any other sites for
> understanding CPAN modules if one could not get exactly what is explained at
> CPAN.
>
> $dbh->quote($Value)
snip

This escapes characters the database considers special such as '.
Consider this code:

my $value = get_value_from_user();
my $sql   = "select * from tablename where x = '$value'";

That code is very bad.  If the user passes in the string "'; drop
table tablename; --" then the resulting SQL will be

select * from tablename where x = ''; drop table tablename; --';

This is called an SQL injection attack.  The quote method helps
prevent this sort of thing:

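# quote() escapes the value and adds the surrounding quotes itself,
# so the SQL string must not wrap $value in quotes again
my $value = $dbh->quote(get_value_from_user());
my $sql   = "select * from tablename where x = $value";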

In this case, the SQL would be

select * from tablename where x = '\'; drop table tablename; --';

You don't normally use the quote method directly.  You should be using
placeholders in your sql:

my $sth = $dbh->prepare("select * from tablename where x = ?");
$sth->execute(get_value_from_user());

That code uses the quote method for you.

snip
> fetchrow_arrayref<http://search.cpan.org/%7Etimb/DBI-1.609/DBI.pm#fetchrow_arrayref>
snip

This fetches a row and returns it as an arrayref, so given a row with
the values "a", "b", "c" the result would be

my $row = ["a", "b", "c"];

If you want to know more about references see [perlreftut][1],
[perlref][2], and [perldsc][3], or ask about them here.

snip
> fetchrow_array<http://search.cpan.org/%7Etimb/DBI-1.609/DBI.pm#fetchrow_array>
snip

This fetches a row and returns it as an array, given the same row as
above the result would be:

my @row = ("a", "b", "c");

snip
> fetchrow_hashref<http://search.cpan.org/%7Etimb/DBI-1.609/DBI.pm#fetchrow_hashref>
snip

This fetches a row and returns it as a hashref.  In this case we will
need to know the names of the columns, so we will assume they are foo,
bar, and baz:

my $row = {
    foo => "a",
    bar => "b",
    baz => "c"
};

snip
> fetchall_arrayref<http://search.cpan.org/%7Etimb/DBI-1.609/DBI.pm#fetchall_arrayref>
> fetchall_hashref<http://search.cpan.org/%7Etimb/DBI-1.609/DBI.pm#fetchall_hashref>
snip

These both fetch all rows and return them as either arrayrefs or
hashrefs and return those rows in an arrayref.  So, given the rows
("a", "b", "c"), ("d", "e", "f"), ("g", "h", "i"), they would return:

my $data = [
    ["a", "b", "c"],
    ["d", "e", "f"],
    ["g", "h", "i"]
];

my $data = [
    { foo => "a", bar => "b", baz => "c" },
    { foo => "d", bar => "e", baz => "f" },
    { foo => "g", bar => "h", baz => "i" }
];

[1] : http://perldoc.perl.org/perlreftut.html
[2] : http://perldoc.perl.org/perlref.html
[3] : http://perldoc.perl.org/perldsc.html

-- 
Chas. Owens
wonkden.net
The most important skill a programmer can have is the ability to read.
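
The three approaches from the message above (interpolation, quote, and placeholders) side by side, as an added example that is not part of the original post. It assumes DBD::SQLite is installed and uses an in-memory database; the table rows are constructed sample data.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; :memory: keeps the example self-contained.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });

# Constructed sample data.
$dbh->do("create table tablename (x text, y text)");
$dbh->do("insert into tablename (x, y) values (?, ?)", undef, @$_)
    for ["alice", "row 1"], ["bob", "row 2"];

# The hostile input used in the message above.
my $value = "'; drop table tablename; --";

# 1. Interpolation: the input becomes part of the SQL text itself.
#    Only printed here, never sent to the database.
print "interpolated: select * from tablename where x = '$value'\n";

# 2. quote(): returns the escaped value including its outer quotes.
#    The escaping style depends on the driver.
my $quoted = $dbh->quote($value);
print "quoted:       select * from tablename where x = $quoted\n";

# 3. Placeholder: the SQL text is fixed and the value is bound as data.
my $sth = $dbh->prepare("select * from tablename where x = ?");
$sth->execute($value);
my $rows = $sth->fetchall_arrayref;
print "placeholder matched ", scalar(@$rows), " row(s)\n";

# The table is untouched: the input was compared as a string, not run as SQL.
my ($count) = $dbh->selectrow_array("select count(*) from tablename");
print "rows still in table: $count\n";

# The same string can be stored and looked up like any other value.
$dbh->do("insert into tablename (x, y) values (?, ?)", undef, $value, "row 3");
$sth->execute($value);
while (my $row = $sth->fetchrow_hashref) {
    print "found y=$row->{y} for x=$row->{x}\n";
}

$dbh->disconnect;
```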
