Custom Query (13 matches)
Results (7 - 9 of 13)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#12 | fixed | Merge CustID checker from /branches/stable to /trunk | ||
Description |
CustID check module doesn't need to be restricted to the stable branch now that the repo history is not company-specific (mostly). |
|||
#34 | fixed | SQL cleanup - use DBI ? substitutions, move all SQL into IPDB.pm | ||
Description |
Much of the SQL currently uses: `$sth = $dbh->prepare("INSERT INTO table (cols) values ('$literal1','$literal2')"); $sth->execute;` instead of: `$sth = $dbh->prepare("INSERT INTO table (cols) values (?,?)"); $sth->execute($literal1, $literal2);` Switching to CGI::Simple (#15) is exposing several places where this is problematic. This is also something of an SQL-injection security issue - using DBI's parameter replacement means that user data goes right into the table, instead of munging the SQL (deliberately or otherwise). |
|||
#58 | duplicate | Start using "RETURNING" for DB IDs of things just added | ||
Description |
Currently several bits do "INSERT blah blah blah", then "SELECT currval(sequence)" to retrieve the ID of the thing just inserted for further work. These constructs should be switched to "INSERT blah blah blah RETURNING idfield" instead, where supported by DBI. |
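
The difference described in ticket #34, as an added example that is not taken from the IPDB code base: the same two inputs are inserted once through an interpolated statement and once through DBI `?` placeholders. It assumes DBD::SQLite is installed; the `customers` table, its columns, and the input values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; the in-memory database and the
# "customers" table are constructed for this example only.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do("CREATE TABLE customers (custid TEXT, descr TEXT)");

# Constructed inputs: an innocent apostrophe ("otherwise") and a value
# that closes the string literal early ("deliberately").
my @inputs = (
    [ "C100", "Bob's Bakery" ],
    [ "C101", "x'), ('C999', 'injected row" ],
);

for my $mode (qw(interpolated bound)) {
    $dbh->do("DELETE FROM customers");
    for my $in (@inputs) {
        my ($id, $descr) = @$in;
        my $ok = eval {
            my $sth;
            if ($mode eq 'interpolated') {
                # The "before" form from the ticket: data becomes SQL text.
                $sth = $dbh->prepare(
                    "INSERT INTO customers (custid, descr) VALUES ('$id','$descr')");
                $sth->execute;
            } else {
                # Placeholder form: the driver passes the values as data.
                $sth = $dbh->prepare(
                    "INSERT INTO customers (custid, descr) VALUES (?,?)");
                $sth->execute($id, $descr);
            }
            1;
        };
        printf "%-12s %-6s input=[%s]\n", $mode, ($ok ? "ok" : "FAILED"), $descr;
    }
    # Show what actually ended up in the table for this mode.
    my $rows = $dbh->selectall_arrayref(
        "SELECT custid, descr FROM customers ORDER BY custid");
    print "  stored: $_->[0] | $_->[1]\n" for @$rows;
}
```

In the interpolated pass the apostrophe input fails to parse and the second input stores a row the caller never asked for; in the bound pass both inputs are stored verbatim as single rows.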