Hi Mark,

On Fri, 30 Dec 2011 12:39:04 -0500 Mark Haney <ma...@abemblem.com> wrote:

> On 12/30/2011 12:30 PM, Igor Dovgiy wrote:
> > Hi Mark,
> >
> > If your variables are strictly internal and by no means might be ever
> > tainted (read: user input), what you're doing is mostly ok.
> > But you need to quote the dates passed within query itself, like this:
> >
> > my $sql = qq/SELECT * FROM `events` WHERE `date` BETWEEN '$begin_time'
> > AND '$end_time'/;
> > /(qq, of course, not q: you'd like your variables to be interpolated,
> > would you? :)/
>
> Yeah, true. I missed that part.
>
> > But there's another (and in my opinion, usually better) way: using
> > prepared sql statement:
> > my $sth = $dbh->prepare(q/
> > SELECT * FROM `events` WHERE `date` BETWEEN ? AND ?
> > /);
> > $sth->execute($begin_time, $end_time);
>
> I can certainly do it this way, however, my ultimate goal is to have
> these variables passed via a web form and since I'm still getting my
> feet wet with using perl to a MySQL database exclusively (I can do SQL
> very well, but never inside perl) I am taking baby steps.
>

If you're going to pass variables from a web form into Perl, then
*definitely* use placeholders (unless you want an SQL injection problem
on your hands). If you want something more high-level, then you can look
at Object-Relational Mappers such as
http://search.cpan.org/dist/DBIx-Class/ (not necessarily the best, but
the "elephant in the room") or http://search.cpan.org/dist/KiokuDB/
(which is an Object-Graph storage engine), and a form handler such as
http://search.cpan.org/dist/HTML-FormFu/ .

Regards,

Shlomi Fish

--
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
What does "Zionism" mean? - http://shlom.in/def-zionism

Chuck Norris is the greatest man in history. He killed all the great men
who could ever pose a competition.

Please reply to list if it's a mailing list post - http://shlom.in/reply .
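
The two query styles discussed in this thread, run side by side on the same form input, as an added example that is not part of the original messages. It assumes DBI and DBD::SQLite are installed and uses an in-memory SQLite database in place of the MySQL server; the table rows and form values are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread). Assumes DBI and DBD::SQLite are
# installed; an in-memory SQLite database stands in for the MySQL server.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });

# Constructed sample data for the `events` table named in the thread.
$dbh->do(q/CREATE TABLE events (id INTEGER PRIMARY KEY, name TEXT, date TEXT)/);
my $ins = $dbh->prepare(q/INSERT INTO events (name, date) VALUES (?, ?)/);
$ins->execute(@$_) for (
    [ 'kickoff',  '2011-12-01' ],
    [ 'review',   '2011-12-15' ],
    [ 'planning', '2012-02-01' ],
);

# Values as they might arrive from a web form. $end_time is constructed to
# show what happens when a form field carries SQL syntax instead of a date.
my $begin_time = '2011-12-01';
my $end_time   = q{2011-12-31' OR '1'='1};

# Interpolated: the quote inside $end_time closes the string literal, so the
# rest of the value is parsed as SQL and the date filter no longer applies.
my $sql = qq/SELECT name FROM events WHERE date BETWEEN '$begin_time' AND '$end_time'/;
my $interpolated = $dbh->selectcol_arrayref($sql);

# Placeholders: the driver binds each value as data, so the same input is
# compared as one (odd-looking) string and cannot change the query.
my $sth = $dbh->prepare(q/SELECT name FROM events WHERE date BETWEEN ? AND ?/);
$sth->execute($begin_time, $end_time);
my $bound = [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];

# Placeholders stop injection but do not validate; reject non-dates up front.
my @bad = grep { !/\A\d{4}-\d{2}-\d{2}\z/ } ($begin_time, $end_time);

printf "interpolated: %d rows\n", scalar @$interpolated;
printf "placeholders: %d rows\n", scalar @$bound;
printf "rejected by format check: %d value(s)\n", scalar @bad;
```

The interpolated query returns every row in the table, including the one outside the requested range, while the placeholder query stays limited to rows that compare inside the two bound strings.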