From: "Agnello George" <[email protected]>
> >
>> This interpolation of string variables into an SQL statement is an SQL
>> injection attack waiting to happen:
>>
>> * http://en.wikipedia.org/wiki/SQL_injection
>>
>> * http://community.livejournal.com/shlomif_tech/35301.html
>>
>> * http://bobby-tables.com/
>>
>> Please avoid it by using placeholders.
>>
>
>
> How can I have a placeholder when I am trying to get a hashref ..
> $select_hashref = $DBH->selectall_hashref(" select * from mytable where
> username=$name ") ;
>
> I cannot use the <<?>> placeholder here, can I?
>
Hi,
From perldoc DBI about selectall_hashref:
"This utility method combines "prepare", "execute" and "fetchall_hashref"
into a single call. It returns a reference to a hash..."
Use prepare, execute and fetchall_hashref and you will be able to do the same
thing and also use placeholders.
read:
perldoc DBI
Octavian
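An added example (not code from the thread) showing the two approaches side by side: the interpolated query from the question, and the prepare/execute/fetchall_hashref form with a placeholder. It assumes DBD::SQLite is installed and uses an in-memory database with a constructed table and rows.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; ':memory:' keeps this self-contained.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 } );

# Constructed sample table and rows.
$dbh->do('CREATE TABLE mytable (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
my $ins = $dbh->prepare('INSERT INTO mytable (username, email) VALUES (?, ?)');
$ins->execute(@$_) for ( [ 'alice', 'alice@example.com' ], [ 'bob', 'bob@example.com' ] );

# Constructed input: a value that is not a plain username.
my $name = "'bob' OR '1'='1";

# Unsafe form from the question (key field 'id' added, which selectall_hashref
# requires). $name becomes part of the SQL text, so the WHERE clause is rewritten
# and every row comes back.
my $unsafe = $dbh->selectall_hashref(
    "SELECT * FROM mytable WHERE username=$name", 'id' );
printf "interpolated query matched %d row(s)\n", scalar keys %$unsafe;    # 2

# Safe form: prepare / execute / fetchall_hashref with a placeholder. The value
# is bound as data and never parsed as SQL, so only an exact username matches.
sub select_by_username {
    my ( $dbh, $username ) = @_;
    my $sth = $dbh->prepare('SELECT * FROM mytable WHERE username = ?');
    $sth->execute($username);
    return $sth->fetchall_hashref('id');    # same hashref shape, keyed by id
}

my $rows = select_by_username( $dbh, $name );
printf "placeholder query matched %d row(s)\n", scalar keys %$rows;       # 0

$rows = select_by_username( $dbh, 'bob' );
printf "placeholder query for 'bob' matched %d row(s)\n", scalar keys %$rows;    # 1

$dbh->disconnect;
```

DBI's selectall_hashref also accepts bind values after the key field and attribute arguments (`$dbh->selectall_hashref($sql, 'id', undef, $name)`), which gives the single-call convenience with the same placeholder protection.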
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
http://learn.perl.org/