[TriLUG] perl: how to initialise a variable that I want to be NULL

William Sutton william at trilug.org
Sun Aug 16 21:06:35 EDT 2009


If you're taking user input and passing it straight through to the 
database, that's dangerous.  I suggest reading up on placeholders and 
validating user input.

For example,

use strict;
use warnings;
use DBI;

my $dbh; # connect $dbh to your database
my @words = parseline($user_input);
my $query = "SELECT * from my_table WHERE words IN ("  # start query
   . join (",", map { "?" } @words)                     # fill in placeholders
   . ")";                                               # end query
my $sth = $dbh->prepare($query);
$sth->execute(@words);   # execute is a statement-handle method; values are bound here
while (my $row = $sth->fetchrow_hashref)
{
   # do something
}
$sth->finish;
$dbh->disconnect;


William Sutton

On Sun, 16 Aug 2009, Joseph Mack NA3T wrote:

> On Sun, 16 Aug 2009, Anderson Silva wrote:
>
>> I was pretty sure this worked... have you tried it with double quotes?
>> my $query_string = "";
>
> no. never thought of that :-(
>
> double quotes works fine.
>
> I'd assumed that since interpolation was not involved, that they'd both be 
> the same. Is there some reasoning behind this or is this just a piece of 
> magic to remember?
>
> Thanks
>
> Joe
>
> -- 
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>
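
The placeholder advice in the message above, as an added example that is not part of the original post: it validates input, builds the IN list with one "?" per value, and handles the empty-list case. Assumptions: DBD::SQLite is installed, validate_words and lookup are hypothetical helper names, and the table rows and input strings are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database keeps this offline.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do("CREATE TABLE my_table (id INTEGER PRIMARY KEY, words TEXT)");
my $ins = $dbh->prepare("INSERT INTO my_table (words) VALUES (?)");
$ins->execute($_) for qw(alpha beta gamma);   # constructed sample rows

# Hypothetical validator: keep only short alphanumeric tokens, drop the rest.
sub validate_words {
    my ($input) = @_;
    return grep { /\A[A-Za-z0-9_]{1,32}\z/ } split ' ', $input // '';
}

# Build one "?" per value and bind the values at execute time.
sub lookup {
    my ($dbh, @words) = @_;
    return [] unless @words;          # "IN ()" is a syntax error; nothing to match
    my $query = "SELECT id, words FROM my_table WHERE words IN ("
              . join(",", ("?") x @words) . ")";
    my $sth = $dbh->prepare($query);
    $sth->execute(@words);
    return $sth->fetchall_arrayref({});
}

# Constructed inputs: a normal one, one carrying SQL syntax, and an empty one.
for my $input ("alpha gamma", "beta x')); DROP TABLE my_table; --", "") {
    my @words = validate_words($input);
    my $rows  = lookup($dbh, @words);
    printf "%-40s -> %d row(s): %s\n", "'$input'", scalar @$rows,
        join(",", map { $_->{words} } @$rows);
}

# Even with validation skipped, a bound value is compared as data, not parsed as SQL.
my $raw = lookup($dbh, "alpha' OR '1'='1");
printf "unvalidated hostile string matched %d row(s)\n", scalar @$raw;

$dbh->disconnect;
```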


