![[ DeepNet IP Database ]](/images/ipdb-logo.png){kind=logo}
Custom Query (13 matches)
Results (1 - 3 of 13)
| Ticket | Resolution | Summary | Owner | Reporter |
|---|---|---|---|---|
| #58 | duplicate | Start using "RETURNING" for DB IDs of things just added | ||
| Description |
Currently several bits do "INSERT blah blah blah", then "SELECT currval(sequence)" to retrieve the ID of the thing just inserted for further work. These constructs should be switched to "INSERT blah blah blah RETURNING idfield" instead, where supported by DBI. |
|||
| #34 | fixed | SQL cleanup - use DBI ? substitutions, move all SQL into IPDB.pm | ||
| Description |
Much of the SQL currently uses: $sth = $dbh->prepare("INSERT INTO table (cols) values ('$literal1','$literal2')");
$sth->execute;
instead of: $sth = $dbh->prepare("INSERT INTO table (cols) values (?,?)");
$sth->execute($literal1, $literal2);
Switching to CGI::Simple (#15) is exposing several places where this is problematic. This is also something of an SQL-injection security issue - using DBI's parameter replacement means that user data goes right into the table, instead of munging the SQL (deliberately or otherwise). |
|||
| #29 | invalid | test ticket | ||
| Description |
testing email |
|||
Note:
See TracQuery
for help on using queries.
