unhappy_mage
[H]ard|DCer of the Month - October 2005
- Joined
- Jun 29, 2004
- Messages
- 11,455
I'm a fairly experienced programmer in a variety of languages, but I haven't had much need to interact with (or at least not much exposure to) SQL databases as yet. I have a test application I'd like to use SQL for (basically a price tracker over time), and I'd like some input on how to go about implementing the database part of it.
1) What do I need to do about SQL injection?
I'm planning on using Perl and DBD:g, with prepared statements. Does this prevent SQL injections, or is there something else I should be doing?
2) What should my table layout be like?
I want to store (for each item, at each time) [price, name, link-to-item, store-name]. This indicates to me that I want an "items" table with [item-id, name, link-to-item] rows, and a "data" table with [item-id, time, price] rows. Does this sound reasonable? What might a query to display a set of [price, name] tuplets for a given time look like? I think it'd be something like:
"SELECT data.price, items.name WHERE data.itemid = items.itemid AND '7/4/07' < data.time AND data.time < '7/5/07'"
What would a good way to add items be? I've done my magic, now I have a [price, name, link-to-item, store-name, time] tuplet. What do I do with it? link-to-item is unique, being a URL; should I determine the item-id from that? What kind of logic is good to create rows in the "items" table?
Sorry for the broad questions - I'm a little bit clueful about SQL syntax, but I don't want to dive in and later discover I've been going about things wrong. Thanks in advance for any assistance!
1) What do I need to do about SQL injection?
I'm planning on using Perl and DBD:g, with prepared statements. Does this prevent SQL injections, or is there something else I should be doing?
2) What should my table layout be like?
I want to store (for each item, at each time) [price, name, link-to-item, store-name]. This indicates to me that I want an "items" table with [item-id, name, link-to-item] rows, and a "data" table with [item-id, time, price] rows. Does this sound reasonable? What might a query to display a set of [price, name] tuplets for a given time look like? I think it'd be something like:
"SELECT data.price, items.name WHERE data.itemid = items.itemid AND '7/4/07' < data.time AND data.time < '7/5/07'"
What would a good way to add items be? I've done my magic, now I have a [price, name, link-to-item, store-name, time] tuplet. What do I do with it? link-to-item is unique, being a URL; should I determine the item-id from that? What kind of logic is good to create rows in the "items" table?
Sorry for the broad questions - I'm a little bit clueful about SQL syntax, but I don't want to dive in and later discover I've been going about things wrong. Thanks in advance for any assistance!