Parameter markers in Perl
The Perl DBI module supports executing a prepared statement that includes parameter markers for variable input. To include a parameter marker in an SQL statement, use the question mark (?) character or a colon followed by a name (:name).
The following Perl code example creates a statement handle with a parameter marker in the WHERE clause of a SELECT statement. The code then executes the statement twice, using the input values 25000 and 35000 in place of the parameter marker.
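# Prepare the statement once; the ? is the parameter marker.
my $sth = $dbhandle->prepare(
    'SELECT firstnme, lastname
     FROM employee
     WHERE salary > ?'
);

# First execution: 25000 is bound to the parameter marker.
my $rc = $sth->execute(25000);
# ...

# Second execution reuses the same statement handle with a new value.
$rc = $sth->execute(35000);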
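The security-relevant effect of the parameter marker is that the value passed to execute is bound as data and is never parsed as SQL. The script below is an added example, not part of the original page: it assumes DBD::SQLite is installed and uses an in-memory database as a stand-in for the real connection, and the table rows, the helper names count_with_marker and count_with_interpolation, and the input string are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in for
# the real connection. The table contents are constructed sample data.
my $dbhandle = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbhandle->do('CREATE TABLE employee
               (firstnme TEXT, lastname TEXT, salary INTEGER)');
my $ins = $dbhandle->prepare('INSERT INTO employee VALUES (?, ?, ?)');
$ins->execute(@$_) for (
    [ 'ANNA',  'EXAMPLE', 20000 ],
    [ 'BORIS', 'SAMPLE',  30000 ],
    [ 'CLARA', 'TESTER',  40000 ],
);

# Prepared once: the statement text is fixed before any input is seen.
my $sth = $dbhandle->prepare(
    'SELECT firstnme, lastname FROM employee WHERE salary > ?');

# Hypothetical helper: run the prepared statement with one bound value
# and return the number of matching rows.
sub count_with_marker {
    my ($value) = @_;
    $sth->execute($value);
    return scalar @{ $sth->fetchall_arrayref };
}

# Hypothetical helper showing the form to avoid: the input is pasted into
# the SQL text, so the database parses it as part of the statement.
sub count_with_interpolation {
    my ($value) = @_;
    my $rows = $dbhandle->selectall_arrayref(
        "SELECT firstnme, lastname FROM employee WHERE salary > $value");
    return scalar @$rows;
}

# Constructed input that is not a plain number.
my $untrusted = '25000 OR 1=1';

printf "marker, 25000:           %d rows\n", count_with_marker(25000);
printf "marker, 35000:           %d rows\n", count_with_marker(35000);
printf "marker, untrusted:       %d rows\n", count_with_marker($untrusted);
printf "interpolated, untrusted: %d rows\n",
    count_with_interpolation($untrusted);
```

With the marker, the whole string is compared to salary as a single value, so it cannot widen the WHERE clause; other databases may instead reject such a value with a conversion error. With interpolation, the same string becomes part of the predicate and every row is returned.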