Re: problem with passing variables

2011-12-30 Thread Shlomi Fish
Hi Mark, On Fri, 30 Dec 2011 14:19:04 -0500 Mark Haney wrote: > On 12/30/2011 12:50 PM, Igor Dovgiy wrote: > > If you pass into SQL query something assigned by user, use > > placeholders by all means. ) It's not that hard, but it'll save you a > > lot of headaches, believe me. ) > > > > 2011/1

Re: problem with passing variables

2011-12-30 Thread Mark Haney
On 12/30/2011 12:50 PM, Igor Dovgiy wrote: If you pass into SQL query something assigned by user, use placeholders by all means. ) It's not that hard, but it'll save you a lot of headaches, believe me. ) 2011/12/30 Mark Haney But there's another (and in my opi

Re: problem with passing variables

2011-12-30 Thread Igor Dovgiy
If you pass into SQL query something assigned by user, use placeholders by all means. ) It's not that hard, but it'll save you a lot of headaches, believe me. ) 2011/12/30 Mark Haney > But there's another (and in my opinion, usually better) way: using > prepared sql statement: > my $sth = $dbh->

Re: problem with passing variables

2011-12-30 Thread Shlomi Fish
Hi Mark, On Fri, 30 Dec 2011 12:39:04 -0500 Mark Haney wrote: > On 12/30/2011 12:30 PM, Igor Dovgiy wrote: > > Hi Mark, > > > > If your variables are strictly internal and by no means might be ever > > tainted (read: user input), what you're doing is mostly ok. > > But you need to quote the dat

Re: problem with passing variables

2011-12-30 Thread Mark Haney
On 12/30/2011 12:30 PM, Igor Dovgiy wrote: Hi Mark, If your variables are strictly internal and by no means might be ever tainted (read: user input), what you're doing is mostly ok. But you need to quote the dates passed within query itself, like this: my $sql = qq/SELECT * FROM `events` WHER

Re: problem with passing variables

2011-12-30 Thread Shlomi Fish
On Fri, 30 Dec 2011 12:08:50 -0500 Mark Haney wrote: > I'm not sure if this is the right list for this, so bear with me. If it > isn't I'll be glad to post it on the correct one. > > I've got a problem with passing variables to a SQL server inside a CGI

Re: problem with passing variables

2011-12-30 Thread Igor Dovgiy
the right list for this, so bear with me. If it > isn't I'll be glad to post it on the correct one. > > I've got a problem with passing variables to a SQL server inside a CGI > script. My code is like this: > > my $begin_time = "2011-11-16 11:00:00"; >

problem with passing variables

2011-12-30 Thread Mark Haney
I'm not sure if this is the right list for this, so bear with me. If it isn't I'll be glad to post it on the correct one. I've got a problem with passing variables to a SQL server inside a CGI script. My code is like this: my $begin_time = "2011-11-16 11:00:00"