On 12/30/2011 12:50 PM, Igor Dovgiy wrote:
If you pass into an SQL query something assigned by the user, use
placeholders by all means. ) It's not that hard, but it'll save you a
lot of headaches, believe me. )
2011/12/30 Mark Haney <ma...@abemblem.com>
But there's another (and in my opinion, usually better) way:
using prepared sql statement:
# Placeholders (?) keep the SQL text fixed; execute() supplies the values.
my $sth = $dbh->prepare(q/
SELECT * FROM `events` WHERE `date` BETWEEN ? AND ?
/);
$sth->execute($begin_time, $end_time);
I can certainly do it this way, however, my ultimate goal is to
have these variables passed via a web form and since I'm still
getting my feet wet with using perl to a MySQL database
exclusively (I can do SQL very well, but never inside perl) I am
taking baby steps.
I'm definitely going to do it that way, now that I've had a chance to
read the replies and do some more googling on the subject. My biggest
issue now is parsing the form data from STDIN from a POST in an HTML
form. (Which is a whole other issue and not one I'm going to address
in this reply.)
Thanks for all the replies. They were all very helpful.
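The point Igor makes above, shown as a runnable comparison. This is an added example, not code from anyone in the thread: it assumes DBD::SQLite is installed and uses an in-memory SQLite database (the thread is about MySQL, where only the DSN would differ; SQLite accepts the backtick-quoted identifiers used above). The `events` rows and the two "form inputs" are constructed for the example; `events_interpolated` and `events_prepared` are names chosen here.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database so the example runs offline (assumes DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do('CREATE TABLE `events` (`id` INTEGER PRIMARY KEY, `name` TEXT, `date` TEXT)');

# Constructed sample rows; the third one lies outside the December range.
my $ins = $dbh->prepare('INSERT INTO `events` (`name`, `date`) VALUES (?, ?)');
$ins->execute(@$_) for (
    [ 'kickoff', '2011-12-01' ],
    [ 'review',  '2011-12-15' ],
    [ 'secret',  '2012-01-10' ],
);

# UNSAFE: the form values are interpolated into the SQL text. A quote in
# $end closes the string literal and whatever follows is parsed as SQL.
sub events_interpolated {
    my ($begin, $end) = @_;
    my $sql = "SELECT `name` FROM `events` WHERE `date` BETWEEN '$begin' AND '$end'";
    return $dbh->selectcol_arrayref($sql);
}

# SAFE: placeholders. The SQL text is fixed when it is prepared; the values
# travel separately, so a quote in the input is compared as data, never parsed.
sub events_prepared {
    my ($begin, $end) = @_;
    my $sql = q/SELECT `name` FROM `events` WHERE `date` BETWEEN ? AND ?/;
    return $dbh->selectcol_arrayref($sql, undef, $begin, $end);
}

# Two sets of "form input": an honest date range and one that smuggles SQL.
my @honest  = ( '2011-12-01', '2011-12-31' );
my @hostile = ( '2011-12-01', "2011-12-31' OR '1'='1" );

for my $case ( [ 'honest', \@honest ], [ 'hostile', \@hostile ] ) {
    my ($label, $args) = @$case;
    printf "%-8s interpolated: %s\n", $label, join ', ', @{ events_interpolated(@$args) };
    printf "%-8s prepared:     %s\n", $label, join ', ', @{ events_prepared(@$args) };
}
```

With the honest range both functions return the two December events. With the hostile end value the interpolated query becomes `... BETWEEN '2011-12-01' AND '2011-12-31' OR '1'='1'` and returns every row, including `secret`; the prepared version compares the whole hostile string as an ordinary text value and still returns only the two December events. This is why, once the dates come from a web form, the placeholder form is the one to keep.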