Hi Mark,

On Fri, 30 Dec 2011 14:19:04 -0500 Mark Haney <ma...@abemblem.com> wrote:

> On 12/30/2011 12:50 PM, Igor Dovgiy wrote:
> > If you pass into SQL query something assigned by user, use
> > placeholders by all means. ) It's not that hard, but it'll save you a
> > lot of headaches, believe me. )
> >
> > 2011/12/30 Mark Haney <ma...@abemblem.com>
> >
> >> But there's another (and in my opinion, usually better) way:
> >> using prepared sql statement:
> >> my $sth = $dbh->prepare(q/
> >> SELECT * FROM `events` WHERE `date` BETWEEN ? AND ?
> >> /);
> >> $sth->execute($begin_time, $end_time);
> >
> > I can certainly do it this way, however, my ultimate goal is to
> > have these variables passed via a web form and since I'm still
> > getting my feet wet with using perl to a MySQL database
> > exclusively (I can do SQL very well, but never inside perl) I am
> > taking baby steps.
> >
>
> I'm definitely going to do it that way, now that I've had a chance to
> read the replies and do some more googling on the subject.

I'm glad you will.

> My biggest
> issue now is parsing the form data from STDIN from a POST in an HTML
> form. (Which is a whole other issue and not one I'm going to address
> in this reply.

For this you should use http://plackperl.org/ or at the very least the CGI.pm module from the Perl core (also available on CPAN - it's dual-life.), or one of its CPAN alternatives. Doing it by hand is error-prone, and not recommended.

Regards,

Shlomi Fish

--
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
My Aphorisms - http://www.shlomifish.org/humour.html

Microsoft — making it all make sense. Ours.

Please reply to list if it's a mailing list post - http://shlom.in/reply .
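Putting the two pieces of advice in this thread together (read the form parameters with CGI.pm, then pass them to the database only through DBI placeholders), as an added example that is not from anyone in the thread. It assumes the CGI and DBD::SQLite modules are installed and uses an in-memory SQLite table named `events` in place of the MySQL one, with a constructed query string standing in for the POST body so it runs offline:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use DBI;

# Constructed form input so the script runs without a web server:
# CGI.pm reads QUERY_STRING when REQUEST_METHOD is GET. Under a real
# POST it would read the urlencoded body from STDIN for you instead.
$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING}   = 'begin_time=2011-12-01+00:00:00&end_time=2011-12-31+23:59:59';

my $q          = CGI->new;               # decodes %XX and '+' for us
my $begin_time = $q->param('begin_time');
my $end_time   = $q->param('end_time');

# Validate the shape of each parameter before it goes anywhere near SQL.
my $ts_re = qr/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$/;
for my $value ($begin_time, $end_time) {
    die "missing or malformed timestamp parameter\n"
        unless defined $value && $value =~ $ts_re;
}

# Assumption: DBD::SQLite; an in-memory table stands in for the MySQL one.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE events (id INTEGER PRIMARY KEY, name TEXT, date TEXT)');
my $ins = $dbh->prepare('INSERT INTO events (name, date) VALUES (?, ?)');
$ins->execute(@$_) for ['too early', '2011-11-15 10:00:00'],
                       ['in range',  '2011-12-15 10:00:00'];

# Placeholders: the SQL text is fixed at prepare() time and the values are
# bound separately at execute(), so user input is only ever compared as a
# string literal and can never change the structure of the statement.
my $sth = $dbh->prepare('SELECT name, date FROM events WHERE date BETWEEN ? AND ?');
$sth->execute($begin_time, $end_time);
while (my ($name, $date) = $sth->fetchrow_array) {
    print "$name\t$date\n";              # prints only the "in range" row
}
$dbh->disconnect;
```

Under a real CGI deployment, drop the two `$ENV` lines; CGI.pm then reads the POST body from STDIN itself, which is the hand-parsing step Mark was about to write.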