Hi Mark,
On Fri, 30 Dec 2011 14:19:04 -0500
Mark Haney wrote:
> On 12/30/2011 12:50 PM, Igor Dovgiy wrote:
> > If you pass into SQL query something assigned by user, use
> > placeholders by all means. ) It's not that hard, but it'll save you a
> > lot of headaches, believe me. )
> >
> > 2011/1
On 12/30/2011 12:50 PM, Igor Dovgiy wrote:
If you pass into SQL query something assigned by user, use
placeholders by all means. ) It's not that hard, but it'll save you a
lot of headaches, believe me. )
2011/12/30 Mark Haney mailto:ma...@abemblem.com>>
But there's another (and in my opi
If you pass into SQL query something assigned by user, use placeholders by
all means. ) It's not that hard, but it'll save you a lot of headaches,
believe me. )
2011/12/30 Mark Haney
> But there's another (and in my opinion, usually better) way: using
> prepared sql statement:
> my $sth = $dbh->
Hi Mark,
On Fri, 30 Dec 2011 12:39:04 -0500
Mark Haney wrote:
> On 12/30/2011 12:30 PM, Igor Dovgiy wrote:
> > Hi Mark,
> >
> > If your variables are strictly internal and by no means might be ever
> > tainted (read: user input), what you're doing is mostly ok.
> > But you need to quote the dat
On 12/30/2011 12:30 PM, Igor Dovgiy wrote:
Hi Mark,
If your variables are strictly internal and by no means might be ever
tainted (read: user input), what you're doing is mostly ok.
But you need to quote the dates passed within query itself, like this:
my $sql = qq/SELECT * FROM `events` WHER
On Fri, 30 Dec 2011 12:08:50 -0500
Mark Haney wrote:
> I'm not sure if this is the right list for this, so bear with me. If it
> isn't I'll be glad to post it on the correct one.
>
> I've got a problem with passing variables to a SQL server inside a CGI
the right list for this, so bear with me. If it
> isn't I'll be glad to post it on the correct one.
>
> I've got a problem with passing variables to a SQL server inside a CGI
> script. My code is like this:
>
> my $begin_time = "2011-11-16 11:00:00";
>
I'm not sure if this is the right list for this, so bear with me. If it
isn't I'll be glad to post it on the correct one.
I've got a problem with passing variables to a SQL server inside a CGI
script. My code is like this:
my $begin_time = "2011-11-16 11:00:00&quo