[Mimedefang] Re: sql integration of quarentine and others

Jeff Rife mimedefang at nabs.net
Wed Apr 4 16:58:25 EDT 2007


On 4 Apr 2007 at 12:38, Dave O'Neill wrote:

> As a general rule, you should use placeholders for any input provided to
> an SQL query.  You don't need to go the full route of preparing a
> statement handle as in your example:
> 
> > $sth = $dbh->prepare(qq{
> > INSERT INTO mail (ip_address, mail_message)
> > VALUES (?, ?)
> > });
> > 
> > $sth->execute($RelayAddr, $msg);
> 
> Instead, you can provide extra arguments to do(), such as:
> 
>   $dbh->do(q{INSERT INTO mail (ip_address, mail_message) VALUES (?,?)},
>          undef,
>          $RelayAddr,
>          $msg);

I got into the habit of preparing statements because "->do()" can only 
be used for action queries, so all my "SELECT" queries have to be 
prepared anyway.

Unfortunately, I found (and MySQL verified) a bug in DBD::mysql 4.004 or 
lower and mysqllib 5.0.27 or lower where server-side prepared 
statements cause a segfault in the perl process.  This makes preparing 
the statements somewhat less useful, as they are simulated by DBI, which 
results in a small performance hit.

I haven't seen a need to archive the contents of the e-mail yet.  Just 
having the database to help determine which IPs are the worst offenders 
is a big help.


--
Jeff Rife | "Eternity with nerds.  It's the Pasadena Star 
          |  Trek convention all over again." 
          |  
          |         -- Nichelle Nichols, "Futurama" 
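
The two placeholder styles discussed in this thread, side by side, as an added example that is not code from either poster or from MIMEDefang. It assumes DBD::SQLite is installed and uses an in-memory SQLite database only so it runs offline (the thread's setup is MySQL); the table layout and sample values are constructed.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Assumption: DBD::SQLite is available;
# the in-memory database stands in for the MySQL server the posters use.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed schema, using the column names from the quoted INSERT.
$dbh->do(q{CREATE TABLE mail (ip_address TEXT NOT NULL,
                              mail_message TEXT NOT NULL)});

# Constructed sample input: (relay address, message text). The second body
# carries quote characters and SQL syntax, as untrusted mail content can.
my @samples = (
    ['192.0.2.10',   "plain text body"],
    ['192.0.2.10',   "it's got a quote'); DROP TABLE mail; --"],
    ['198.51.100.7', "another body"],
);

# Action query: do() with bind values, no explicit statement handle.
for my $sample (@samples) {
    my ($RelayAddr, $msg) = @$sample;
    $dbh->do(q{INSERT INTO mail (ip_address, mail_message) VALUES (?, ?)},
             undef, $RelayAddr, $msg);
}

# SELECT: prepare once, then execute with a different bind value each time.
my $count_by_ip = $dbh->prepare(
    q{SELECT COUNT(*) FROM mail WHERE ip_address = ?});
for my $ip ('192.0.2.10', '198.51.100.7') {
    $count_by_ip->execute($ip);
    my ($hits) = $count_by_ip->fetchrow_array;
    $count_by_ip->finish;
    print "$ip: $hits message(s)\n";
}

# The body with SQL syntax in it was stored as data: fetch it back by value.
my $by_body = $dbh->prepare(
    q{SELECT ip_address FROM mail WHERE mail_message = ?});
$by_body->execute($samples[1][1]);
my ($found_ip) = $by_body->fetchrow_array;
$by_body->finish;
print "hostile-looking body stored verbatim from $found_ip\n";

$dbh->disconnect;
```

Because the message text only ever travels as a bind value, the quote characters in the second sample never reach the SQL parser as syntax.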




