[Dbix-class] Escaping placeholders

Peter Rabbitson rabbit+dbic at rabbit.us
Sat Dec 20 15:53:29 GMT 2014


On 12/20/2014 03:38 PM, Tim Bunce wrote:
> On Fri, Dec 19, 2014 at 01:12:16PM +0100, Alexander Foken wrote:
>> Hello all,
>>
>> this reminds me of a similar problem I had in 2000 with DBI,
>> DBD::Oracle, and Oracle. See
>> <http://marc.info/?t=95063959000004&r=1&w=2>,
>> <http://173.79.223.25/?l=dbi-dev&m=95077716125217&w=2>.
>>
>> Problem was using named placeholders (":foo") in DBI and at the same
>> time use PL/SQL code containing variables (":bar"), DBI considered
>> both ":foo" and ":bar" to be placeholders instead of leaving ":bar"
>> alone and pass it to Oracle. A set of patches from Michael A. Chase
>> allowed disabling parts or all of the placeholder parsing, so using
>> unnamed placeholders ("?") allowed using PL/SQL variables in SQL
>> statements.
>>
>> But the fundamental problem was not solved, there was and still is
>> no way to escape placeholders.
>
> Can you, or anyone else, think of any situation where a backslash before
> a ? or :foo (or even $1) style placeholder might be valid SQL?
>
> So far no one has come up with one, so I'm getting more comfortable
> with the idea that a backslash before a placeholder is a safe change.
> I.e., there's a near-zero risk that upgrading a DBI driver to support
> backslashes would cause breakage in existing code.
>

I am not sure why, but a backslashed version makes me wary... What about
?? instead?
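
The placeholder-parsing problem described in the quoted messages above, and the backslash escape proposed for it, shown as an added example that is not part of the original thread and is not DBI's or any DBD driver's code. The `scan_placeholders` function, its `$escapes` switch and the sample PL/SQL statement are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Toy placeholder scanner (hypothetical; NOT DBI's parser). It copies
# single-quoted literals untouched, and when $escapes is true it treats
# "\?" and "\:name" as literal text instead of as placeholders.
sub scan_placeholders {
    my ($sql, $escapes) = @_;
    my ($out, @found) = ('');
    pos($sql) = 0;
    while (pos($sql) < length $sql) {
        if ($sql =~ /\G('(?:[^']|'')*')/gc) {            # quoted literal: copy verbatim
            $out .= $1;
        }
        elsif ($escapes && $sql =~ /\G\\(\?|:\w+)/gc) {  # escaped: drop the backslash
            $out .= $1;
        }
        elsif ($sql =~ /\G(\?|:\w+)/gc) {                # real placeholder
            push @found, $1;
            $out .= '?';
        }
        elsif ($sql =~ /\G(.)/gcs) {                     # any other character
            $out .= $1;
        }
    }
    return ($out, \@found);
}

# Constructed sample: :foo is meant to be bound by the client, :bar is a
# variable that should reach the database server unchanged.
my $plain   = q{BEGIN :bar := lookup(:foo, 'a:b?'); END;};
my $escaped = q{BEGIN \:bar := lookup(:foo, 'a:b?'); END;};

for my $case (['no escape support, plain SQL',    $plain,   0],
              ['no escape support, escaped SQL',  $escaped, 0],
              ['escape support, escaped SQL',     $escaped, 1]) {
    my ($label, $sql, $escapes) = @$case;
    my ($out, $found) = scan_placeholders($sql, $escapes);
    print "$label\n  sent to server: $out\n  placeholders:   @$found\n";
}
```

The second case shows what the same escaped statement looks like to a scanner that does not know about the escape: `:bar` is still taken as a placeholder and the backslash is passed through.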