On Sat, 03 Jan 2004 04:57:10 -0500 Terrence Brannon <[EMAIL PROTECTED]> wrote:

> Jim Cromie wrote:
> 
>> My comment was based on a cursory read, and general queasiness with 
>> non-placeholder construction of complex SQL - seeing all those $,@
>> just made me itch.
> 
> let me make sure I understand the source of your queasiness: it is 
> because if you use placeholders in conjunction with $dbh->prepare() then 
> you can skip the parse phase on subsequent executes and get result 
> caching against bind parameters depending on the DBD and database?

Just pasting text into SQL instead of using placeholders
leaves you open to all sorts of attacks.

-- 
Mac :})
** I usually forward private questions to the appropriate mail list. **
Ask Smarter: http://www.catb.org/~esr/faqs/smart-questions.html
Give a hobbit a fish and he eats fish for a day.
Give a hobbit a ring and he eats fish for an age.
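An added example (not from this thread) showing both points raised above in Perl DBI: a value interpolated into the SQL text is parsed as SQL, so a plain apostrophe in the data already breaks the statement, while a value bound through a placeholder is handed to the prepared statement as data and the statement is compiled only once. It assumes DBD::SQLite is installed and uses a constructed in-memory table.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed in-memory database; DBD::SQLite is an assumption of this example.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do("CREATE TABLE users (name TEXT, role TEXT)");
my $ins = $dbh->prepare("INSERT INTO users (name, role) VALUES (?, ?)");
$ins->execute(@$_) for (["alice", "admin"], ["O'Brien", "user"]);

# Interpolated form: the caller's value becomes part of the SQL text, so
# any quote character in it is read as SQL syntax rather than as data.
sub lookup_interpolated {
    my ($name) = @_;
    my $sql = "SELECT role FROM users WHERE name = '$name'";
    my ($role) = $dbh->selectrow_array($sql);   # dies on O'Brien: unbalanced quote
    return $role;
}

# Placeholder form: the statement is prepared once; each execute binds the
# value as a parameter, so it can never alter the statement's structure.
my $sel = $dbh->prepare("SELECT role FROM users WHERE name = ?");
sub lookup_bound {
    my ($name) = @_;
    $sel->execute($name);
    my ($role) = $sel->fetchrow_array;
    $sel->finish;
    return $role;
}

for my $name ("alice", "O'Brien") {
    my $bound = lookup_bound($name) // 'no row';
    my $interp = eval { lookup_interpolated($name) // 'no row' };
    unless (defined $interp) {
        chomp(my $err = $@);
        $interp = "error: $err";
    }
    print "$name: placeholder => $bound; interpolated => $interp\n";
}
```

The interpolated lookup for O'Brien fails with a SQL syntax error from the database, which is the same mechanism an attacker relies on: whatever is pasted into the string is executed as SQL, whereas the bound lookup returns the stored role unchanged.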
