Hi,
I've seen examples of searching in a database using the LIKE operator like:
$rs = $rs->search( {
    name => { -like => "%$name%" },
} );
It doesn't look to be very secure to quote the variable $name this way.
Or maybe the special chars in the whole composed string %$name% are then
escaped if
Octavian -- Inlining the values, as you say, would be fraught with peril --
DBI (and DBIx::Class) know better, so it's not a problem. It's not special
to the -like operator, it's part of how DBIC works.
To see it in action -- when you're single-step debugging your code, try
this:
DB<1> x
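
An added example, not part of the thread or of DBIx::Class itself: it calls SQL::Abstract directly (the SQL generator that DBIx::Class's SQL maker is built on) to show that the -like value leaves the generator as a bind parameter, and that binding alone does not escape the LIKE wildcards % and _ inside the value. The table and column names, the sample input, the like_literal helper and the choice of ! as escape character are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use SQL::Abstract;

my $sqla = SQL::Abstract->new;

# Constructed input: contains a quote and both LIKE wildcards.
my $name = q{50%_off' OR '1'='1};

# 1) The condition from the thread. The interpolation happens in Perl and
#    builds the *value*; the SQL text only ever receives a placeholder.
my ($stmt, @bind) = $sqla->select(
    'artist', [ 'id', 'name' ],          # hypothetical table and columns
    { name => { -like => "%$name%" } },
);
print "SQL:  $stmt\n";
print "BIND: $_\n" for @bind;

# 2) Binding protects the statement, not the pattern: a % or _ supplied in
#    $name still acts as a wildcard. To match the input literally, escape
#    the wildcards and declare the escape character in the statement.
sub like_literal {
    my ($text, $esc) = @_;
    $esc = '!' unless defined $esc;
    # Prefix the escape character itself, then % and _, with the escape.
    (my $out = $text) =~ s/([\Q$esc\E%_])/$esc$1/g;
    return $out;
}

my $pattern = '%' . like_literal($name) . '%';
($stmt, @bind) = $sqla->select(
    'artist', [ 'id', 'name' ],
    # Literal SQL fragment with its own bind value; only the fixed
    # ESCAPE clause is inlined, never the user-supplied text.
    { name => \[ q{LIKE ? ESCAPE '!'}, $pattern ] },
);
print "SQL:  $stmt\n";
print "BIND: $_\n" for @bind;
```

Both statements printed contain only ? where the value goes; the difference is in the bound pattern, where the second form has the user's % and _ prefixed with the escape character.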
On Mon, Oct 8, 2012 at 12:49 AM, Octavian Rasnita orasn...@gmail.com wrote:
Hi,
I've seen examples of searching in a database using the LIKE operator like:
$rs = $rs->search( {
    name => { -like => "%$name%" },
} );
I just wrote something similar a few minutes ago.
It doesn't look to be