[plug] Perl/DBI syntax
Trevor Phillips
T.Phillips at murdoch.edu.au
Tue Sep 9 14:16:39 WST 2003
On Tuesday 09 September 2003 14:03, Nigel Duff wrote:
>
> my $query = $dbh->prepare ("insert into management
> (title, item_no, descript, pics, comments, start_date,
> end_date, startprice, cost, paid)
>
> values
>
> ($fields{TITLE}, $fields{ITEMNO}, $fields{DESCRIPT},
> $fields{PICTURES}, $fields{COMMENTS},
> $fields{STARTDATE}, $fields{ENDDATE},
> $fields{STARTPRICE}, $fields{COST}, $fields{PAIDFOR})");
>
> $query->execute();
Hmmmm. Are the field values properly quoted/escaped? A neater way would be,
using the unquoted/unescaped values:
my $query = $dbh->prepare ("insert into management
(title, item_no, descript, pics, comments, start_date,
end_date, startprice, cost, paid)
values
(?,?,?,?,?,?,?,?,?,?)");
$query->execute($fields{TITLE}, $fields{ITEMNO}, $fields{DESCRIPT},
$fields{PICTURES}, $fields{COMMENTS}, $fields{STARTDATE}, $fields{ENDDATE},
$fields{STARTPRICE}, $fields{COST}, $fields{PAIDFOR});
--
. Trevor Phillips - http://jurai.murdoch.edu.au/ .
: Web Technical Administrator - T.Phillips at murdoch.edu.au :
| IT Services - Murdoch University |
>--------------------------------------------------------------------<
| On nights such as this, evil deeds are done. And good deeds, of /
| course. But mostly evil, on the whole. /
\ -- (Terry Pratchett, Wyrd Sisters) /
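The same point in Python's sqlite3 module, whose DB-API uses the same `?` placeholders as DBI. This is an added example, not code from the original thread; the `management` table is trimmed to four columns and the record is constructed, with an apostrophe in the title to show where the interpolated version breaks.

```python
import sqlite3

# Constructed sample record; the apostrophe in TITLE is the case that
# string-built SQL trips over.
RECORD = {
    "TITLE": "O'Reilly Perl book",
    "ITEMNO": 1042,
    "DESCRIPT": "Used, good condition",
    "STARTPRICE": 5.00,
}


def open_db():
    """Return an in-memory database with a cut-down 'management' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table management (title, item_no, descript, startprice)")
    return conn


def insert_interpolated(conn, fields):
    """Paste the values into the SQL text, as in the quoted post (with the
    string columns hand-quoted). Returns True on success, False if the
    statement fails to parse because a value contained a quote."""
    sql = ("insert into management (title, item_no, descript, startprice) "
           f"values ('{fields['TITLE']}', {fields['ITEMNO']}, "
           f"'{fields['DESCRIPT']}', {fields['STARTPRICE']})")
    try:
        conn.execute(sql)
        return True
    except sqlite3.Error:
        return False


def insert_with_placeholders(conn, fields):
    """Send the SQL with ? placeholders and the values separately, so the
    driver does the quoting. Returns the row count after the insert."""
    conn.execute(
        "insert into management (title, item_no, descript, startprice) "
        "values (?, ?, ?, ?)",
        (fields["TITLE"], fields["ITEMNO"], fields["DESCRIPT"], fields["STARTPRICE"]),
    )
    return conn.execute("select count(*) from management").fetchone()[0]


def stored_title(conn):
    """Read back the title column to confirm the apostrophe survived intact."""
    return conn.execute("select title from management").fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    print("interpolated insert ok:", insert_interpolated(db, RECORD))
    print("rows after placeholder insert:", insert_with_placeholders(db, RECORD))
    print("stored title:", stored_title(db))
```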