Hi Michael,

>>> and SQL statement concatenation with ";" as separator does not
>>
>> this is new, usually this should work with mysql too...
>
> The problem is that concatenation allows to perform several SQL
> operations especially inserts in a very efficient way. This is
> interesting for the batch stuff where we need performance. Finally I
> removed this code from OpenCA::DBI to get better maintainable code.

As I said in another post: don't do it. Use the prepare() method or
better yet the prepare_cached() method of DBI. You can store the
prepared handles in a member variable for later use.

Using 'prepared' statements repeatedly is extremely efficient, it should
be even more efficient than using do() or similar. Remember that
initially parsing the SQL is expensive, calling the DB on a prepared
statement with the appropriate parameters is not.

Oh, and always use bind_param() or execute().

Suggestions:

- Never insert variables directly into the SQL prepare statement.
- Don't use do()

  If you have to use either, remember to quote each single variable using
  DBI::quote() to prevent SQL injection attacks.

- Always use prepare(), bind_param() and execute(), even for single queries.

Martin

_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
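
The advice in the message above, applied to a batch insert, as an added example that is not part of the original message or of OpenCA's code. It assumes DBD::SQLite is installed; the `request` table, its columns, the `insert_batch` helper and the sample rows are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: batch insert through one cached prepared statement.
# Assumptions: DBD::SQLite in-memory DB; table/column names are hypothetical.
use strict;
use warnings;
use DBI qw(:sql_types);

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE request (serial INTEGER PRIMARY KEY, subject TEXT NOT NULL)');

# Constructed sample batch; the second subject carries SQL metacharacters.
my @batch = (
    [ 1, 'CN=alice,O=Example' ],
    [ 2, q{CN=x'); DROP TABLE request; --} ],
    [ 3, 'CN=carol,O=Example' ],
);

sub insert_batch {
    my ($dbh, $rows) = @_;
    # prepare_cached() returns the same handle for identical SQL text, so the
    # statement is parsed once however often this sub is called.
    my $sth = $dbh->prepare_cached(
        'INSERT INTO request (serial, subject) VALUES (?, ?)');
    $dbh->begin_work;                      # one transaction for the whole batch
    my $ok = eval {
        for my $row (@$rows) {
            $sth->bind_param(1, $row->[0], SQL_INTEGER);
            $sth->bind_param(2, $row->[1], SQL_VARCHAR);
            $sth->execute;                 # values travel as data, never as SQL
        }
        $dbh->commit;
        1;
    };
    unless ($ok) {
        my $err = $@ || 'unknown error';
        $dbh->rollback;                    # all-or-nothing on failure
        die "batch insert failed: $err";
    }
    return scalar @$rows;
}

my $n = insert_batch($dbh, \@batch);
my ($count)   = $dbh->selectrow_array('SELECT COUNT(*) FROM request');
my ($subject) = $dbh->selectrow_array(
    'SELECT subject FROM request WHERE serial = ?', undef, 2);
print "inserted $n, table holds $count rows\n";
print "serial 2 stored verbatim: $subject\n";
```

Wrapping the loop in a single transaction is what recovers the batch performance that statement concatenation was used for, while the placeholders keep each value out of the SQL text.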