xhoster
howa said: If I use a prepared statement in every dbh call (mysql), can all
chances of SQL injection be prevented?
No, prepared statements are not magical (in fact, they don't even really
exist for mysql; they are emulated by the DBI/DBD modules). They do make
it easier to write safer code, because they facilitate the use of bind
variables. But you can write unsafe code with prepare just as easily as
with selectall_arrayref or whatever.
Xho
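Added example (not from xhoster's post) showing the distinction above: prepare()
with the value interpolated into the SQL string is still injectable, while the
same query with a ? placeholder and a bind value is not, and selectall_arrayref
takes bind values just as well without prepare(). It assumes DBD::SQLite is
installed so it runs in memory without a mysql server; the placeholder and bind
syntax is the same with DBD::mysql. The table and the attacker string are
constructed for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite in memory stands in for mysql so this runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE users (name TEXT, role TEXT)');
$dbh->do(q{INSERT INTO users VALUES ('alice', 'user'), ('root', 'admin')});

# Constructed attacker-controlled value, e.g. straight from a CGI parameter.
my $input = "x' OR '1'='1";

# UNSAFE: prepare() with the value interpolated into the SQL text.
# prepare() adds no protection here; the quote has already broken out of
# the literal and the OR '1'='1' makes the predicate true for every row.
my $sth_bad = $dbh->prepare("SELECT name FROM users WHERE name = '$input'");
$sth_bad->execute;
my @bad = map { $_->[0] } @{ $sth_bad->fetchall_arrayref };
print "interpolated prepare matched: @bad\n";

# SAFE: placeholder plus bind value. The SQL text is fixed; $input is sent as
# data and compared as a whole string, so it cannot alter the query.
my $sth_ok = $dbh->prepare('SELECT name FROM users WHERE name = ?');
$sth_ok->execute($input);
my @ok = map { $_->[0] } @{ $sth_ok->fetchall_arrayref };
print "bound prepare matched: @ok\n";

# Without prepare(): selectall_arrayref($sql, \%attr, @bind) binds the same way,
# so the convenience methods are just as safe when given bind values.
my $rows = $dbh->selectall_arrayref(
    'SELECT name FROM users WHERE name = ?', undef, $input);
print "selectall_arrayref with bind matched: ", scalar(@$rows), " rows\n";

# Caveat: identifiers (column/table names) cannot be bound. If one must come
# from outside, quote it with quote_identifier rather than interpolating it raw.
my $col  = $dbh->quote_identifier('name');
my $name = $dbh->selectrow_array(
    "SELECT $col FROM users WHERE role = ?", undef, 'admin');
print "admin account: $name\n";
```

The unsafe and safe statements both go through prepare(); the difference is
entirely whether the untrusted value is part of the SQL text or passed as a
bind value, which is the point of the reply.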