Tied variables ;-) G.
On 24 Jan 2013, at 13:57, Denny wrote: > You do know what $status contains in the example (so you could hardcore it in > the SQL anyway). $id is up for grabs though. > > > > Simon Wilcox <es...@ourshack.com> wrote: > >> On 24/01/2013 03:01, Sam Kington wrote: >>> I mean, sure, this is safe: >>> >>> if ($status eq 'foo') { >>> $dbh->do("UPDATE table SET status='$status' WHERE id=$id"); >>> } >> >> Only if you're certain you know what $status and $id contain. >> >> http://xkcd.com/327/ > > -- > Sent from my mobile phone. Please excuse terseness, typos and top-posting.