[TriLUG] perl: how to initialise a variable that I want to be NULL
William Sutton
william at trilug.org
Sun Aug 16 21:06:35 EDT 2009
If you're taking user input and passing it straight through to the
database, that's dangerous. I suggest reading up on placeholders and
validating user input.
For example,
my $dbh; # connect $dbh to your database
my @words = parseline($user_input);
my $query = "SELECT * from my_table WHERE words IN (" # start query
. join (",", map { "?" } @words) # fill in placeholders
. ")"; # end query
my $sth = $dbh->prepare($query);
$query->execute(@words);
while (my $row = $sth->fetchrow_hashref)
{
# do something
}
$sth->finish;
$dbh->disconnect;
William Sutton
On Sun, 16 Aug 2009, Joseph Mack NA3T wrote:
> On Sun, 16 Aug 2009, Anderson Silva wrote:
>
>> I was pretty sure this worked... have you tried it with double quotes?
>> my $query_string = "";
>
> no. never thought of that :-(
>
> double quotes works fine.
>
> I'd assumed that since interpolation was not involved, that they'd both be
> the same. Is there some reasoning behind this or is this just a piece of
> magic to remember?
>
> Thanks
>
> Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>
More information about the TriLUG
mailing list