[Koha-devel] Question on proper/preferred DBI usage?
Chris Cormack
chris at katipo.co.nz
Wed May 15 17:03:02 CEST 2002
Hi Allan
On Thu, 2002-05-16 at 11:49, Alan Millar wrote:
> Hi- I hope this doesn't sound like criticism of the efforts so far; I think
> Koha is excellent work. However, I'm wondering about the DBI usage in
> the code. It appears that everything I've read on DBI says not to
> put variables into the SQL statement but to use placeholder parameters
> instead.
>
> For example, right now everything looks something like this:
>
> my $q_value=$dbh->quote($value);
> my $sth=$dbh->prepare("select my_field from my_table where my_criteria=$q_value");
> $sth->execute;
>
> Whereas what I've read on the subject says it should be done like:
>
> my $sth=$dbh->prepare("select my_field from my_table where my_criteria=?");
> $sth->execute($value);
>
And $value gets quoted by $dbh automagically?
Or do we build $value up but quoting variables as we go?
> This doesn't require double the variables for all the quoting, and
> in a loop the prepare only has to be done once.
>
> I'm especially confused about things I see in the code like:
>
> $biblioitem->{'volume'} = $dbh->quote($biblioitem->{'volume'});
>
> I think I'd be confused in keeping track of which things you have or haven't
> quoted already.
>
> I'd like to contribute to the project, and I'm happy to clean up
> things like this as I come across them.
>
> I'm wondering if there is a particular reason it's being
> done the way it is, or did it "just happen" this way?
>
Just happened would be the answer :)
Code clean up is something we'd appreciate a lot.
Are you registered at sourceforge?
Chris
--
Chris Cormack chris at katipo.co.nz
Programmer 025 500 579
Katipo Communications www.katipo.co.nz
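The two styles Alan contrasts, run side by side, as an added example that is not code from this thread or from Koha; it assumes DBI with DBD::SQLite and uses an in-memory database with constructed rows, and it also reproduces the double-quoting pitfall he mentions:

```perl
#!/usr/bin/perl
# Added example (not from the Koha code base): contrasts $dbh->quote()
# interpolation with placeholder binding, using an in-memory SQLite database.
# Assumes DBI and DBD::SQLite are installed.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE my_table (my_criteria TEXT, my_field TEXT)");

# Constructed sample rows; the second key contains a single quote.
my @rows = ( [ "plain", "row one" ], [ "O'Brien", "row two" ] );

# Placeholder style: prepare once, execute many times. DBI binds each
# value as data, so nothing is quoted by hand and the quote in "O'Brien"
# cannot alter the statement text.
my $ins = $dbh->prepare("INSERT INTO my_table (my_criteria, my_field) VALUES (?, ?)");
$ins->execute(@$_) for @rows;

my $sel = $dbh->prepare("SELECT my_field FROM my_table WHERE my_criteria = ?");
for my $key ("plain", "O'Brien") {
    $sel->execute($key);
    my ($field) = $sel->fetchrow_array;
    print "placeholder lookup '$key' -> $field\n";
}

# quote() style: correct only if each value is quoted exactly once.
my $value   = "O'Brien";
my $q_value = $dbh->quote($value);          # yields 'O''Brien'
my ($f1) = $dbh->selectrow_array(
    "SELECT my_field FROM my_table WHERE my_criteria = $q_value");
print "quote() once  -> ", ($f1 // "no row"), "\n";

# The pitfall from the thread: a value already quoted in place (as with
# $biblioitem->{'volume'}) and then quoted again matches nothing, because
# the query now searches for the literal text 'O''Brien', quotes included.
my $already = $dbh->quote($value);
my $twice   = $dbh->quote($already);
my ($f2) = $dbh->selectrow_array(
    "SELECT my_field FROM my_table WHERE my_criteria = $twice");
print "quote() twice -> ", ($f2 // "no row"), "\n";
```

Running it shows both placeholder lookups and the single quote() lookup returning a row, while the doubly quoted lookup returns none.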