[Dbix-class] Escaping placeholders

Tim Bunce Tim.Bunce at pobox.com
Sat Dec 20 14:38:36 GMT 2014


On Fri, Dec 19, 2014 at 01:12:16PM +0100, Alexander Foken wrote:
> Hello all,
> 
> this reminds me of a similar problem I had in 2000 with DBI,
> DBD::Oracle, and Oracle. See
> <http://marc.info/?t=95063959000004&r=1&w=2>,
> <http://173.79.223.25/?l=dbi-dev&m=95077716125217&w=2>.
> 
> The problem was using named placeholders (":foo") in DBI and at the same
> time using PL/SQL code containing variables (":bar"): DBI considered
> both ":foo" and ":bar" to be placeholders instead of leaving ":bar"
> alone and passing it to Oracle. A set of patches from Michael A. Chase
> allowed disabling parts or all of the placeholder parsing, so using
> unnamed placeholders ("?") allowed using PL/SQL variables in SQL
> statements.
> 
> But the fundamental problem was not solved, there was and still is
> no way to escape placeholders.

Can you, or anyone else, think of any situation where a backslash before
a ? or :foo (or even $1) style placeholder might be valid SQL?

So far no one has come up with one, so I'm getting more comfortable
with the idea that a backslash before a placeholder is a safe change.
I.e., there's a near-zero risk that upgrading a DBI driver to support
backslashes would cause breakage in existing code.

Tim.
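
The escaping rule discussed in this message, sketched as an added example (not part of the original e-mail and not DBI's or any driver's code). The helper name `scan_placeholders`, the sample statement and the exact semantics (a backslash directly before `?` or `:` makes it literal, and quoted strings are never scanned) are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper: walk the SQL once, collect the placeholders DBI would
# bind, and build the text the server would receive with escapes removed.
sub scan_placeholders {
    my ($sql) = @_;
    my ($sent, @binds) = ('');
    pos($sql) = 0;
    while (pos($sql) < length $sql) {
        if ($sql =~ /\G('(?:[^']|'')*'|"(?:[^"]|"")*")/gc) {
            $sent .= $1;               # quoted literal or identifier: copied untouched
        }
        elsif ($sql =~ /\G\\([?:])/gc) {
            $sent .= $1;               # escaped marker: drop the backslash, do not bind
        }
        elsif ($sql =~ /\G\?/gc) {
            push @binds, '?';          # positional placeholder
            $sent .= '?';
        }
        elsif ($sql =~ /\G:(\w+)/gc) {
            push @binds, ":$1";        # named placeholder
            $sent .= ":$1";
        }
        else {
            $sql =~ /\G(.)/gcs;        # any other character, including ":" in ":="
            $sent .= $1;
        }
    }
    return ($sent, \@binds);
}

# Constructed sample: :foo and the last ? are for DBI to bind; \:bar and \?
# must reach the server as :bar and ?, and the quoted text must be ignored.
my $sql = q{BEGIN \:bar := upper(:foo); note('why? :x'); op(a \? b, ?); END;};
my ($sent, $binds) = scan_placeholders($sql);
print "server sees: $sent\n";
print "DBI binds:   @$binds\n";
```

An unterminated quote falls through to the character-by-character branch in this sketch, so markers after it would still be counted as placeholders.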


