On Fri, Dec 19, 2014 at 01:12:16PM +0100, Alexander Foken wrote:
> Hello all,
>
> this reminds me of a similar problem I had in 2000 with DBI,
> DBD::Oracle, and Oracle. See
> <http://marc.info/?t=95063959000004&r=1&w=2>,
> <http://173.79.223.25/?l=dbi-dev&m=95077716125217&w=2>.
>
> Problem was using named placeholders (":foo") in DBI and at the same
> time use PL/SQL code containing variables (":bar"), DBI considered
> both ":foo" and ":bar" to be placeholders instead of leaving ":bar"
> alone and pass it to Oracle. A set of patches from Michael A. Chase
> allowed disabling parts or all of the placeholder parsing, so using
> unnamed placeholders ("?") allowed using PL/SQL variables in SQL
> statements.
>
> But the fundamental problem was not solved, there was and still is
> no way to escape placeholders.

Can you, or anyone else, think of any situation where a backslash before a ? or :foo (or even $1) style placeholder might be valid SQL?

So far no one has come up with one, so I'm getting more comfortable with the idea that a backslash before a placeholder is a safe change. I.e., there's a near-zero risk that upgrading a DBI driver to support backslashes would cause breakage in existing code.

Tim.
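
The escaping rule discussed in this message, as an added illustration that is not part of the original thread and is not code from DBI or DBD::Oracle: a scanner that turns `:name` into a bound `?` unless a backslash precedes it. The function name `rewrite_placeholders` and the sample statements are constructed for this sketch, and it assumes only quoted strings and quoted identifiers need skipping (SQL comments and dialect syntax such as `::` casts are not handled).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Illustrative scanner only, not DBI's or any DBD driver's parser.
# Named placeholders (:name) become positional "?" and their names are
# collected in order. A backslash directly before ":" or "?" escapes it:
# the backslash is dropped and the marker is passed through unchanged.
sub rewrite_placeholders {
    my ($sql) = @_;
    my $out = '';
    my @names;
    for ($sql) {    # alias $_ so \G and pos() track one scan position
        while (1) {
            if    (/\G\z/gc)               { last }
            elsif (/\G('(?:[^']|'')*')/gc) { $out .= $1 }    # string literal, copied verbatim
            elsif (/\G("(?:[^"]|"")*")/gc) { $out .= $1 }    # quoted identifier, copied verbatim
            elsif (/\G\\([:?])/gc)         { $out .= $1 }    # escaped marker: drop the backslash
            elsif (/\G:(\w+)/gc)           { push @names, $1; $out .= '?' }
            elsif (/\G(.)/gcs)             { $out .= $1 }    # any other character
        }
    }
    return ($out, \@names);
}

# Constructed samples: :id is meant to be bound by the caller,
# :result is a PL/SQL variable that must reach the database as written.
my @samples = (
    q{BEGIN UPDATE t SET note = 'a:b' WHERE id = :id; :result := 1; END;},
    q{BEGIN UPDATE t SET note = 'a:b' WHERE id = :id; \:result := 1; END;},
);

for my $sql (@samples) {
    my ($rewritten, $names) = rewrite_placeholders($sql);
    print "input : $sql\n";
    print "output: $rewritten\n";
    print "binds : @$names\n\n";
}
```

The first sample shows the problem from the quoted message (both `:id` and `:result` are captured as binds); the second shows the escaped `:result` surviving while `:id` is still bound as a parameter.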