Re: Perl DBI and placeheld values
От | Lincoln Yeoh |
---|---|
Тема | Re: Perl DBI and placeheld values |
Дата | |
Msg-id | 5.1.0.14.1.20030130150909.02f085a0@mbox.jaring.my обсуждение исходный текст |
Ответ на | Perl DBI and placeheld values ("Nigel J. Andrews" <nandrews@investsystems.co.uk>) |
Список | pgsql-general |
At 10:30 PM 1/29/03 +0000, Nigel J. Andrews wrote: >psql> create table mytab ( thetime timestamptz ); > >perl: > $sth = $dbh->prepare('insert into mytab values ( ? )'); > $sth->execute($thetime); > >where $thetime could hold 2003-01-29 13:45:06+00 _or_ current_timestamp. >So just how do others manage this situation without resorting to special >casing >everything? I use 'now' instead of current_timestamp. Despite current_timestamp being the SQL standard, I figure 'now' is the way to go. Based on recent posts I gather that the developers have no plans to break that, so it'll be fine to use it. Naturally it doesn't work if the field type is text. Loosely looking for current_timestamp and then not filtering can be dangerous in uncontrolled environments. e.g. webapps - users could put current_timestamp in a cgi parameter followed by not so nice SQL. I suggest you put the functions and stuff in the main SQL, and leave the placeholders for the data/variables. That way the changeable stuff gets quoted, and the static stuff is known to be safe. Hope this helps, Link.
В списке pgsql-general по дате отправления: