Hi- I hope this doesn't sound like criticism of the efforts so far; I think Koha is excellent work. However, I'm wondering about the DBI usage in the code. It appears that everything I've read on DBI says not to put variables into the SQL statement but to use placeholder parameters instead. For example, right now everything looks something like this: my $q_value=$dbh->quote($value); my $sth=$dbh->prepare("select my_field from my_table where my_criteria=$q_value"); $sth->execute; Whereas what I've read on the subject says it should be done like: my $sth=$dbh->prepare("select my_field from my_table where my_criteria=?"); $sth->execute($value); This doesn't require double the variables for all the quoting, and in a loop the prepare only has to be done once. I'm especially confused about things I see in the code like: $biblioitem->{'volume'} = $dbh->quote($biblioitem->{'volume'}); I think I'd be confused in keeping track of which things you have or haven't quoted already. I'd like to contribute to the project, and I'm happy to clean up things like this as I come across them. I'm wondering if there is a particular reason it's being done the way it is, or did it "just happen" this way? Thanks! - Alan -- ---- Alan Millar --==> am12@bolis.com <==--
Hi Allan On Thu, 2002-05-16 at 11:49, Alan Millar wrote:
Hi- I hope this doesn't sound like criticism of the efforts so far; I think Koha is excellent work. However, I'm wondering about the DBI usage in the code. It appears that everything I've read on DBI says not to put variables into the SQL statement but to use placeholder parameters instead.
For example, right now everything looks something like this:
my $q_value=$dbh->quote($value); my $sth=$dbh->prepare("select my_field from my_table where my_criteria=$q_value"); $sth->execute;
Whereas what I've read on the subject says it should be done like:
my $sth=$dbh->prepare("select my_field from my_table where my_criteria=?"); $sth->execute($value);
And $value gets quoted by $dbh automagically? Or do we build $value up but quoting variables as we go?
This doesn't require double the variables for all the quoting, and in a loop the prepare only has to be done once.
I'm especially confused about things I see in the code like:
$biblioitem->{'volume'} = $dbh->quote($biblioitem->{'volume'});
I think I'd be confused in keeping track of which things you have or haven't quoted already.
I'd like to contribute to the project, and I'm happy to clean up things like this as I come across them.
I'm wondering if there is a particular reason it's being done the way it is, or did it "just happen" this way?
Just happened would be the answer :) Code clean up is something we'd appreciate a lot. Are you registered at sourceforge? Chris -- Chris Cormack chris@katipo.co.nz Programmer 025 500 579 Katipo Communications www.katipo.co.nz
Whereas what I've read on the subject says it should be done like:
my $sth=$dbh->prepare("select my_field from my_table where my_criteria=?"); $sth->execute($value);
And $value gets quoted by $dbh automagically? Yes.
Or do we build $value up but quoting variables as we go? No, that's the beauty; you never have to call $dbh->quote ever again.
Code clean up is something we'd appreciate a lot.
Are you registered at sourceforge?
No, but I'm going to go figure it out. I've written Perl, and done a modest amount of DBI work with it in the last year, but I'm new to SourceForge and CVS. A new adventure :-) - Alan -- ---- Alan Millar --==> am12@bolis.com <==--
participants (2)
-
Alan Millar -
Chris Cormack