[Mimedefang] Re: sql integration of quarentine and others
Jeff Rife
mimedefang at nabs.net
Wed Apr 4 16:58:25 EDT 2007
On 4 Apr 2007 at 12:38, Dave O'Neill wrote:
> As a general rule, you should use placeholders for any input provided to
> an SQL query. You don't need to go the full route of preparing a
> statement handle as in your example:
>
> > $sth = $dbh->prepare(qq{
> > INSERT INTO mail (ip_address, mail_message)
> > VALUES (?, ?)
> > });
> >
> > $sth->execute($RelayAddr, $msg);
>
> Instead, you can provide extra arguments to do(), such as:
>
> $dbh->do(q{INSERT INTO mail (ip_address, mail_message) VALUES (?,?)},
> undef,
> $RelayAddr,
> $msg);

I got into the habit of preparing statements because "->do()" can only
be used for action queries, so all my "SELECT" queries have to be
prepared anyway.

Unfortunately, I found (and MySQL verified) a bug in DBD::mysql 4.004 or
lower and mysqllib 5.0.27 or lower where server-side prepared
statements cause a segfault in the perl process. This makes preparing
the statements somewhat less useful, as they are simulated by DBI, which
results in a small performance hit.

I haven't seen a need to archive the contents of the e-mail yet. Just
having the database to help determine which IPs are the worst offenders
is a big help.

--
Jeff Rife | "Eternity with nerds. It's the Pasadena Star
| Trek convention all over again."
|
| -- Nichelle Nichols, "Futurama"
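
Added example, not part of the original post or of MIMEDefang: the two placeholder styles discussed in the thread (do() with bind values, and prepare/execute), applied to the per-IP count the post mentions. Assumptions: DBD::SQLite with an in-memory database stands in for MySQL so the script needs no server, and the relay addresses and message bodies are constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database replaces the MySQL server.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do(q{CREATE TABLE mail (ip_address TEXT NOT NULL, mail_message TEXT)});

# Constructed samples: documentation-range addresses and message text whose
# quotes would break a query assembled by string concatenation.
my @samples = (
    [ '192.0.2.10',   q{It's "urgent"; act now} ],
    [ '192.0.2.10',   q{x'); DELETE FROM mail; --} ],
    [ '198.51.100.7', q{plain text} ],
);

# One-off action query: do() takes the bind values after the attribute slot.
for my $row (@samples) {
    my ($RelayAddr, $msg) = @$row;
    $dbh->do(q{INSERT INTO mail (ip_address, mail_message) VALUES (?, ?)},
        undef, $RelayAddr, $msg);
}

# SELECT through one prepared handle, re-executed for each address.
my $sth = $dbh->prepare(q{SELECT COUNT(*) FROM mail WHERE ip_address = ?});
for my $ip ('192.0.2.10', '198.51.100.7') {
    $sth->execute($ip);
    my ($count) = $sth->fetchrow_array;
    $sth->finish;
    print "$ip: $count message(s)\n";
}

# The SQL-looking message was bound as data, so it is stored verbatim and
# all three rows are still present.
my ($stored) = $dbh->selectrow_array(
    q{SELECT mail_message FROM mail WHERE mail_message LIKE ?},
    undef, q{x')%});
my ($total) = $dbh->selectrow_array(q{SELECT COUNT(*) FROM mail});
print "stored verbatim: $stored\n";
print "rows in table: $total\n";

$dbh->disconnect;
```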