> This interpolation of string variables into an SQL statement is an SQL
> injection attack waiting to happen:
>
> * http://en.wikipedia.org/wiki/SQL_injection
>
> * http://community.livejournal.com/shlomif_tech/35301.html
>
> * http://bobby-tables.com/
>
> Please avoid it by using placeholders.
>
How can I have a placeholder when I am trying to get a hashref?

$select_hashref = $DBH->selectall_hashref(" select * from mytable where username=$name ") ;

I cannot use the <<?>> placeholder here, can I?

> --
> Regards Agnello D'souza
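
Added example (not part of the original message): DBI's selectall_hashref accepts bind values after the key field and attribute arguments, so the query from the post can use a ? placeholder. It assumes DBD::SQLite is installed and uses an in-memory table; the email column and all rows are constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in
# for the poster's real $DBH. Table and column names follow the post;
# the "email" column and all rows are constructed sample data.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do('CREATE TABLE mytable (username TEXT PRIMARY KEY, email TEXT)');
my $ins = $dbh->prepare('INSERT INTO mytable (username, email) VALUES (?, ?)');
$ins->execute(@$_) for (
    [ 'alice',   'alice@example.com'  ],
    [ "d'souza", 'dsouza@example.com' ],
);

# selectall_hashref($statement, $key_field, \%attr, @bind_values):
# bind values go after the attribute slot (undef when unused).
sub rows_for_user {
    my ($name) = @_;
    return $dbh->selectall_hashref(
        'SELECT * FROM mytable WHERE username = ?',
        'username',    # key field for the returned hash
        undef,         # \%attr, unused here
        $name,         # bound to the ? placeholder, never parsed as SQL
    );
}

# A plain name, a name containing a quote, and a constructed hostile
# string: each is compared as data against the username column.
for my $name ('alice', "d'souza", "x' OR '1'='1") {
    my $rows = rows_for_user($name);
    printf "%-15s -> %d row(s)\n", $name, scalar keys %$rows;
}

$dbh->disconnect;
```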