Hack #25. Bind Database Columns
Use placeholders for data retrieved from the database, not just sent to it.
Experienced database programmers know the value of placeholders in queries. (Inexperienced database programmers will soon find out why they're important, when unquoted data breaks their programs.) When you execute a query and pass in values, the database automatically quotes and inserts them into the prepared query, usually making for faster, and always making for safer, code.
Perl's DBI module has a similar feature for retrieving data from the database. Instead of copying column after column into variables, you can bind variables to a statement, so that they will contain the appropriate values for each row fetch(â)ed.
Of course, this technique appears less flexible than retrieving hashes from the DBI, as it relies on the order of data returned from a query and loads of scalar variables...or does it?
The Hack
Suppose that you have a templating application that needs to retrieve some fields from a table[1] and wants to contain the results in a hash. You could write a subroutine named bind_hash(â):
sub bind_hash
{
my ($dbh, $hash_ref, $table, @fields) = @_;
my $sql = 'SELECT ' . join(', ', @fields) . " FROM $table";
my $sth = $dbh->prepare( $sql );
$sth->execute(â);
$sth->bind_columns( \\@$hash_ref{ @{ $sth->{NAME_lc} } } );
return sub { $sth->fetch(â) };
}The only really tricky part of the code is using the reference operator (\\) on a hash slice. When fed a list, this ...
Get Perl Hacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
