[Koha-devel] Question on proper/preferred DBI usage?

Alan Millar am12 at bolis.com
Wed May 15 16:50:25 CEST 2002


Hi-  I hope this doesn't sound like criticism of the efforts so far; I think
Koha is excellent work.  However, I'm wondering about the DBI usage in
the code.  It appears that everything I've read on DBI says not to 
put variables into the SQL statement but to use placeholder parameters
instead.

For example, right now everything looks something like this:

  my $q_value=$dbh->quote($value);
  my $sth=$dbh->prepare("select my_field from my_table where my_criteria=$q_value");
  $sth->execute;

Whereas what I've read on the subject says it should be done like:

  my $sth=$dbh->prepare("select my_field from my_table where my_criteria=?");
  $sth->execute($value);

This doesn't require double the variables for all the quoting, and 
in a loop the prepare only has to be done once.

I'm especially confused about things I see in the code like:

 $biblioitem->{'volume'}          = $dbh->quote($biblioitem->{'volume'});

I think I'd be confused in keeping track of which things you have or haven't 
quoted already.

I'd like to contribute to the project, and I'm happy to clean up
things like this as I come across them.  

I'm wondering if there is a particular reason it's being
done the way it is, or did it "just happen" this way?

Thanks!

- Alan

-- 

----
Alan Millar     --==> am12 at bolis.com <==--
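
Added example, not part of the original post and not Koha code: a runnable sketch of the placeholder style the message describes, plus the "already quoted?" hazard it raises. It assumes DBI with DBD::SQLite is installed; the table biblioitems, its columns and all sample values are constructed for the demo.

```perl
#!/usr/bin/perl
# Added example. Assumes DBD::SQLite; table, columns and data are constructed.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do("create table biblioitems (id integer primary key, volume text)");

# Constructed sample values, including ones with embedded quote characters.
my @volumes = ("Vol. 1", "O'Reilly's 2nd", "x' or '1'='1");

# Prepare once, execute many times: the values travel separately from the
# SQL text, so no quote() call and no second "quoted" variable is needed.
my $ins = $dbh->prepare("insert into biblioitems (volume) values (?)");
$ins->execute($_) for @volumes;

# Lookup with a placeholder: each value is compared as plain data, so even
# the quote-laden strings match only the single row that holds them.
my $sel = $dbh->prepare("select id from biblioitems where volume = ?");
for my $v (@volumes) {
    $sel->execute($v);
    my $rows = $sel->fetchall_arrayref;
    printf "%-20s -> %d row(s)\n", $v, scalar @$rows;
}

# The "which things have I quoted already?" hazard: a value overwritten in
# place with quote() and later bound to a placeholder is stored together
# with its literal surrounding quote characters.
my %biblioitem = (volume => "Vol. 2");
$biblioitem{volume} = $dbh->quote($biblioitem{volume});
$ins->execute($biblioitem{volume});

my ($stored) = $dbh->selectrow_array(
    "select volume from biblioitems order by id desc limit 1");
print "stored after quote() + placeholder: $stored\n";

$dbh->disconnect;
```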



