A major update to SQL::Interpolate is now available. The most notable addition is support for a new quote-like sql// operator that intelligently and securely handles interpolation of variables into SQL strings:
my $rows = $dbh->selectall_arrayref( sql[
SELECT * FROM table
WHERE color IN @colors
OR color IN ['green', 'red', @colors]
AND color IN $rcolors
AND d = $x
LIMIT(start => $start, count => $count*2)
] );
which (assuming @colors == 2 and the database is Postgres) is logically equivalent to
my $rows = $dbh->selectall_arrayref( qq[
SELECT * FROM table
WHERE color IN (?, ?)
OR color IN (?, ?, ?, ?)
AND color IN (?, ?)
AND d = ?
LIMIT ? OFFSET ?
], undef, $colors[0], $colors[1], 'red', 'green', $colors[0], $colors[1], $colors[0], $colors[1], $x,
$count*2, $start);
For additional information, refer to the project page and manual page:
http://www.math2.org/david/sql-interpolate/
Changes in this release:
- Added SQL::Interpolate::Filter module for source filtering with string-like sql// operator.
- Added DBIx::Interpolate module.
- Added SQL::Interpolate::SQL module.
- Support DB-independent macro calls inside SQL (e.g. LIMIT macro).
- Renamed sql_interpolate and dbi_interpolate to sql_interp and dbi_interp respectively.
-davidm
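
The placeholder expansion shown in the announcement above can be sketched in plain Perl; this is an added example, not code from SQL::Interpolate or from the original post. The helper name `interp_sketch` and the sample values are assumptions made for illustration, and an empty list is rejected because it would yield an invalid `IN ()`.

```perl
use strict;
use warnings;
use Carp qw(croak);

# Hypothetical helper (not SQL::Interpolate's own code): plain strings are
# SQL text, scalar refs become one placeholder, array refs become a
# parenthesised placeholder list. Values only ever reach the bind list.
sub interp_sketch {
    my @parts = @_;
    my (@sql, @bind);
    for my $part (@parts) {
        if (!ref $part) {
            push @sql, $part;                 # SQL written by the programmer
        }
        elsif (ref $part eq 'SCALAR') {
            push @sql, '?';
            push @bind, $$part;
        }
        elsif (ref $part eq 'ARRAY') {
            croak 'empty list would produce invalid "IN ()"' unless @$part;
            push @sql, '(' . join(', ', ('?') x @$part) . ')';
            push @bind, @$part;
        }
        else {
            croak 'unsupported reference type: ' . ref $part;
        }
    }
    return (join(' ', @sql), @bind);
}

# Constructed sample input; the second colour contains SQL metacharacters.
my @colors = ('blue', q{red' OR '1'='1});
my $x      = 5;

my ($sql, @bind) = interp_sketch(
    'SELECT * FROM table WHERE color IN', \@colors, 'AND d =', \$x,
);

# The statement text holds placeholders only; the quote-bearing value is
# passed to the driver as data, e.g. $dbh->selectall_arrayref($sql, undef, @bind).
print "$sql\n";
print "bind: $_\n" for @bind;
```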