Andy Hassall wrote:
The general approach is to always use placeholders, and never directly interpolate values into SQL statements. This should insulate you from whatever encoding's needed. Constants in SQL are OK, but if you're putting
encoding as in quote()ing or encoding as in prepare/execute will handle making the binary data ok to use in the statement?
(do() does prepare/execute internally so isn't that the same thing???)
Perl variables in a statement, in most cases this is not the best choice.
e.g.
my $sth = $bh->prepare("UPDATE MyStuff SET BinaryGoodies=? WHERE ID=1"); $sth->execute($binary_content_Q);
So would this do it properly then?
$rv = $dbh->do('UPDATE MyStuff SET BinaryGoodies=? WHERE ID=1', undef, $binary_content_Q);
See: http://search.cpan.org/~timb/DBI/DBI.pm#Handling_BLOB_/_LONG_/_Memo_Field
Thanks for the url, you'd think I would've looked there already :)
