On 10/10/2011 9:15 AM, Doran L. Barton wrote:
> On Monday, October 10, 2011 09:04:38 AM ijason wrote:
>> $db->do("insert into tablename (column names) values
>> ('$line[0]','$line[1]'...)");
> This is cool, but may I suggest you instead hawk the parameterized use of
> DBI::do:
>
>       $db->do('INSERT INTO tablename (col1, col2, ... ) VALUES (?, ?, ...)',
>               undef,
>               $line[0], $line[1], ... );
>
> For more information on the virtues of parameterized database operations, see
> <http://bobby-tables.com/>.
>
Nice. As an additional note, if you decide to concatenate multiple 
inserts into a single insert, be mindful that there is a 50k char limit 
with MySQL inserts, so you will need to check your length periodically to 
make sure you don't exceed that before inserting.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
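
The two suggestions in this thread combined, as an added example that is not code from either poster: multi-row INSERTs built only from `?` placeholders, split whenever a size budget would be exceeded. `batch_inserts`, the worst-case size estimate and the sample rows are constructed for illustration; the 50_000 budget is the figure from the reply above, passed in as a parameter.

```perl
use strict;
use warnings;

# Build multi-row INSERT statements that contain only "?" placeholders and
# start a new statement whenever the size estimate would exceed $limit.
# Identifiers cannot be bound: $table and $cols must come from code, not input.
sub batch_inserts {
    my ($table, $cols, $rows, $limit) = @_;
    my $head  = sprintf 'INSERT INTO %s (%s) VALUES ', $table, join(', ', @$cols);
    my $tuple = '(' . join(', ', ('?') x @$cols) . ')';
    my (@batches, @bind);
    my ($tuples, $size) = (0, length $head);
    my $flush = sub {
        return unless $tuples;
        push @batches, [ $head . join(', ', ($tuple) x $tuples), [@bind] ];
        ($tuples, $size, @bind) = (0, length $head);
    };
    for my $row (@$rows) {
        die "row has wrong column count\n" unless @$row == @$cols;
        # Assumption: the driver may quote and escape values client-side, so
        # budget for every character doubled plus two quotes; undef is NULL.
        my $cost = length($tuple) + 2;
        $cost += (defined $_ ? 2 * length($_) + 2 : 4) for @$row;
        die "single row exceeds limit\n" if length($head) + $cost > $limit;
        $flush->() if $size + $cost > $limit;
        push @bind, @$row;
        $tuples++;
        $size += $cost;
    }
    $flush->();
    return @batches;
}

# Constructed sample rows; the apostrophe would break the string-built INSERT.
my @rows = (
    [ 'alice',   'Sales' ],
    [ "O'Brien", 'IT' ],
    [ 'carol',   undef ],
);
for my $batch (batch_inserts('tablename', [qw(col1 col2)], \@rows, 50_000)) {
    my ($sql, $bind) = @$batch;
    printf "%d values: %s\n", scalar @$bind, $sql;
    # With a connected DBI handle: $db->do($sql, undef, @$bind);
}
```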
