What's the equivalent of escaping strings for MySQL database input in Perl?

Question

What's the equivalent of escaping strings for MySql database input in perl?

Is Quote the best way?

Answer 1

You can use DBI placeholders.

Here is an example (from this link):

#! /usr/bin/perl

use DBI;

print "Enter the city you live in: ";
chomp( $city = <STDIN> );
print "Enter the state you live in: ";
chomp( $state = <STDIN> );

$dbh = DBI->connect(your db info here);
$sth = $dbh->prepare( "SELECT name WHERE city = ? AND state = ?" );
$sth->execute( $city, $state );