MRMCD 2023

Perl-entauchen: Hold My Place - Automating SQL placeholders by de-interpolating strings
02.09.2023 , C120 - Arkanraum
Language: Deutsch

Creating SQL queries with placeholders is a must. But composing strings with interpolation is easier and better to read. How about combining the best of both worlds?

Many are still composing their SQL queries dangerously by assembling their queries with string interpolation.

Not only are such queries slow and prone to errors, they are also loopholes for injections. But many legacy projects are full of such examples. And refactoring is often not easy.

And even today many developers choose interpolation, since it's a core feature in Perl and comfortable to use.

This talk shows a current project to convert such interpolations to placeholders, without losing the benefits of ease and expressiveness.

We will cover and explain some in-depth techniques like

  • Callbacks in DBI.pm
  • Manipulating variables with PadWalker.pm
  • Bind variables with tie
  • Overloading operators for objects