From: | Doug McNaught <doug(at)mcnaught(dot)org> |
---|---|
To: | gearond(at)cvc(dot)net |
Cc: | "Nigel J(dot) Andrews" <nandrews(at)investsystems(dot)co(dot)uk>, Greg Stark <gsstark(at)mit(dot)edu>, pgsql-general(at)postgresql(dot)org, pgsql-interfaces(at)postgresql(dot)org |
Subject: | Re: More PHP DB abstraction layer stuff |
Date: | 2003-01-24 20:01:27 |
Message-ID: | m3y95ami5k.fsf@varsoon.wireboard.com |
Lists: | pgsql-general pgsql-interfaces |
Dennis Gearon <gearond(at)cvc(dot)net> writes:
> could you elaborate on:
>
> Place holders ( those are in prepared queries, yes?)
> out of band?
I think by "out of band" Greg just means substituting values into a
prepared query rather than glomming everything into an SQL string by
yourself. For example, in Perl DBI you'd do something like:
    # prepare the statement once; the '?' marks where the value will go
    $sth = $dbh->prepare("select * from mytable where first_name = ?");
    $ret_val = $sth->execute("Fred"); # might come from a web form instead
    @row = $sth->fetchrow_array();
The database driver is responsible for turning the '?' in the query
into a properly-quoted and escaped value, or otherwise supplying it to
the database. The '?' is a placeholder.
-Doug
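
Added example, not part of the original message: the same lookup done by building the SQL string by hand and by passing the value through a `?` placeholder, run against three constructed inputs. It uses Python's standard `sqlite3` module as a stand-in for Perl DBI; the table contents and the function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed form inputs: a plain name, a name containing a quote,
# and a value that contains SQL syntax.
SAMPLE = ["Smith", "O'Brien", "x' OR '1'='1"]


def make_db():
    """Build a throwaway in-memory table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mytable (first_name TEXT, last_name TEXT)")
    db.executemany(
        "INSERT INTO mytable VALUES (?, ?)",
        [("Fred", "Smith"), ("Sean", "O'Brien"), ("Ann", "Lee")],
    )
    return db


def lookup_glommed(db, last_name):
    """In band: the value is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT first_name FROM mytable WHERE last_name = '" + last_name + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__


def lookup_placeholder(db, last_name):
    """Out of band: the SQL text is fixed and the driver binds the value."""
    sql = "SELECT first_name FROM mytable WHERE last_name = ?"
    return [row[0] for row in db.execute(sql, (last_name,))]


def compare(values):
    """Return {value: (string-built result, placeholder result)}."""
    db = make_db()
    return {v: (lookup_glommed(db, v), lookup_placeholder(db, v)) for v in values}


if __name__ == "__main__":
    for value, (glommed, bound) in compare(SAMPLE).items():
        print(f"{value!r:18} glommed={glommed!r:32} placeholder={bound!r}")
```

With the placeholder, the quote in `O'Brien` is matched literally and the third input matches no row; in the string-built query the same inputs produce a syntax error and a `WHERE` clause that is true for every row.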