Dennis Gearon <gearond@cvc.net> writes:
> could you elaborate on:
>
> Place holders ( those are in prepared queries, yes?)
> out of band?
I think by "out of band" Greg just means substituting values into a
prepared query rather than glomming everything into an SQL string by
yourself. For example, in Perl DBI you'd do something like:
$stmt = $dbh->prepare("select * from mytable where first_name = ?");
$ret_val = $sth->execute("Fred"); # might come from a web form instead
@row = $sth->fetchrow_array();
The database driver is responsible for turning the '?' in the query
into a properly-quoted and escaped value, or otherwise supplying it to
the database. The '?' is a placeholder.
-Doug