Re: [Koha-devel] Question on proper/preferred DBI usage?
From: Chris Cormack
Subject: Re: [Koha-devel] Question on proper/preferred DBI usage?
Date: Wed May 15 17:03:02 2002
Hi Alan
On Thu, 2002-05-16 at 11:49, Alan Millar wrote:
> Hi- I hope this doesn't sound like criticism of the efforts so far; I think
> Koha is excellent work. However, I'm wondering about the DBI usage in
> the code. It appears that everything I've read on DBI says not to
> put variables into the SQL statement but to use placeholder parameters
> instead.
>
> For example, right now everything looks something like this:
>
> my $q_value=$dbh->quote($value);
> my $sth=$dbh->prepare("select my_field from my_table where my_criteria=$q_value");
> $sth->execute;
>
> Whereas what I've read on the subject says it should be done like:
>
> my $sth=$dbh->prepare("select my_field from my_table where my_criteria=?");
> $sth->execute($value);
>
And $value gets quoted by $dbh automagically?
Or do we build $value up by quoting variables as we go?
> This doesn't require double the variables for all the quoting, and
> in a loop the prepare only has to be done once.
>
> I'm especially confused about things I see in the code like:
>
> $biblioitem->{'volume'} = $dbh->quote($biblioitem->{'volume'});
>
> I think I'd be confused in keeping track of which things you have or haven't
> quoted already.
>
> I'd like to contribute to the project, and I'm happy to clean up
> things like this as I come across them.
>
> I'm wondering if there is a particular reason it's being
> done the way it is, or did it "just happen" this way?
>
Just happened would be the answer :)
Code clean up is something we'd appreciate a lot.
Are you registered at sourceforge?
Chris
--
Chris Cormack address@hidden
Programmer 025 500 579
Katipo Communications www.katipo.co.nz
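
The placeholder style discussed in this thread, as an added example that is not part of the original messages or of Koha's code: the statement is prepared once, the driver binds each value, and a value that was already passed through `$dbh->quote` no longer matches. It assumes DBD::SQLite is installed; the `biblioitems` table and the sample values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database keeps this offline.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Hypothetical table, loosely modelled on the 'volume' field quoted in the thread.
$dbh->do("CREATE TABLE biblioitems (id INTEGER PRIMARY KEY, volume TEXT)");

# Constructed sample values, including quote characters and SQL-looking text.
my @volumes = ("Vol. 1", "O'Reilly's 2nd ed.", "x' OR '1'='1");

# Prepare once, execute many times. The driver binds each value itself,
# so the caller never calls $dbh->quote and the SQL text never changes.
my $ins = $dbh->prepare("INSERT INTO biblioitems (volume) VALUES (?)");
$ins->execute($_) for @volumes;

my $sel = $dbh->prepare("SELECT id FROM biblioitems WHERE volume = ?");
for my $v (@volumes) {
    $sel->execute($v);
    my ($id) = $sel->fetchrow_array;
    $sel->finish;
    # Each value is compared as plain data and finds only its own row.
    printf "%-22s -> %s\n", $v, defined $id ? "row $id" : "no match";
}

# Failure mode of quoting a field in place: the hash now holds an SQL literal,
# not the data, and any later code that binds it searches for the wrong string.
my %biblioitem = (volume => "O'Reilly's 2nd ed.");
$biblioitem{volume} = $dbh->quote($biblioitem{volume});
$sel->execute($biblioitem{volume});
my ($hit) = $sel->fetchrow_array;
$sel->finish;
print "pre-quoted value bound to placeholder: ",
      defined $hit ? "row $hit" : "no match (quotes became part of the data)", "\n";

# Sanity check that every sample value was stored as its own row.
my ($n) = $dbh->selectrow_array("SELECT COUNT(*) FROM biblioitems");
print "rows stored: $n\n";
$dbh->disconnect;
```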