On Thursday 19 April 2007 08:37:34 Amos Shapira wrote:
> On 19/04/07, Adam Kennedy <[EMAIL PROTECTED]> wrote:
> > The biggest example is probably SQL placeholders, which pretty much
> > remove any chance of SQL injection attacks in one fell swoop.
> >
> > I know for DBI it's very difficult to do any non-trivial work without
> > using them.
>
> I was just bitten (again) by the lack of support for these in the
> MS-SQL DBI interface.
> Is there another implementation which allows using place holders with
> MS SQL (2005)?

I wasn't following the beginning of the thread, but if you are referring to Perl's DBI, then it does support place holders:
http://search.cpan.org/~mewp/DBD-Sybase-1.07/Sybase.pm#Using_%3F_Placeholders_%26_bind_parameters_to_%24sth-%3Eexecute

Also, if the Perl requirement can be lifted, I've used PHP's PDO extensively (though not with MS-SQL) and it also supports place holders rather nicely - actually, better IMO than other implementations, as the place holders are named in the query and you don't have to guess which question mark is responsible for which variable, like you have to with other implementations.

--
Oded
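
The difference between concatenated SQL, positional `?` placeholders and PDO's named placeholders, as an added example that is not part of the original message. It assumes the `pdo_sqlite` extension and uses an in-memory SQLite database as a stand-in for MS-SQL; the `users` table, its rows, the hostile input and the `lookup*` function names are all constructed for illustration.

```php
<?php
// Added example: SQLite in-memory stands in for the MS-SQL server discussed
// in the thread. Table, rows and input below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin')");
$pdo->exec("INSERT INTO users (name, role) VALUES ('bob', 'user')");

// Constructed hostile input: the embedded quotes change the query's meaning
// only if the value is pasted into the SQL text.
$input = "nobody' OR '1'='1";

// Unsafe 'before' form: the value becomes part of the statement itself.
function lookupConcat(PDO $pdo, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Positional placeholders: values are bound as data, matched to each '?'
// purely by their order in the array.
function lookupPositional(PDO $pdo, string $name, string $role): array {
    $sth = $pdo->prepare('SELECT name FROM users WHERE name = ? AND role = ?');
    $sth->execute([$name, $role]);
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

// Named placeholders: values are bound as data and matched by name, so the
// order of the array keys does not matter.
function lookupNamed(PDO $pdo, string $name, string $role): array {
    $sth = $pdo->prepare('SELECT name FROM users WHERE name = :name AND role = :role');
    $sth->execute([':role' => $role, ':name' => $name]);
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

echo "concatenated, hostile input:\n";
print_r(lookupConcat($pdo, $input));

echo "named placeholder, hostile input:\n";
print_r(lookupNamed($pdo, $input, 'admin'));

echo "positional, arguments in the intended order:\n";
print_r(lookupPositional($pdo, 'alice', 'admin'));

// Swapping the two arguments is not an error with '?': the query simply
// binds the role to the name column and the name to the role column.
echo "positional, arguments swapped by mistake:\n";
print_r(lookupPositional($pdo, 'admin', 'alice'));
```

Run it with `php` on the command line and compare the four result arrays: the concatenated query is the only one whose result depends on the quotes inside `$input`.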