Perl

Perl's DBI, available on the CPAN, supports parameterized SQL calls. Both the do and prepare methods accept bind values (DBI calls them "placeholders") for most database drivers, so the value is passed to the driver separately from the SQL text and is never parsed as part of the statement. For example:

$sth = $dbh->prepare("SELECT * FROM users WHERE email = ?");
foreach my $email (@emails) {
    $sth->execute($email);          # each value is bound to the ? placeholder as data
    $row = $sth->fetchrow_hashref;
    [...]
}
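The following is an added, self-contained example (not from the original page) that puts an interpolated query beside its placeholder form. It assumes DBD::SQLite is installed and uses an in-memory database with constructed rows; the table, column and sample values are assumptions made for the example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database with constructed sample rows (assumes DBD::SQLite).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT)");

# do() also takes placeholders: attributes hashref (or undef), then the bind values.
my $insert = "INSERT INTO users (email, name) VALUES (?, ?)";
$dbh->do($insert, undef, 'alice@example.com', 'Alice');
$dbh->do($insert, undef, "o'brien@example.com", "Miles O'Brien");

# Constructed untrusted input containing a quote, as a user might legitimately type.
my $input = "o'brien@example.com";

# Unsafe: interpolating the value into the SQL text. The quote ends the string
# literal early, so the statement is malformed; other input would change its meaning.
my $unsafe_sql = "SELECT name FROM users WHERE email = '$input'";
eval { $dbh->selectrow_array($unsafe_sql); 1 }
    or print "interpolated query failed: $@";

# Safe: the value is bound to the placeholder as data and never parsed as SQL.
my $sth = $dbh->prepare("SELECT name FROM users WHERE email = ?");
$sth->execute($input);
my ($name) = $sth->fetchrow_array;
print "placeholder lookup found: $name\n";

# The same prepared handle is executed repeatedly with different bind values.
for my $email ('alice@example.com', 'nobody@example.com') {
    $sth->execute($email);
    my ($n) = $sth->fetchrow_array;
    printf "%-22s => %s\n", $email, defined $n ? $n : '(no match)';
}
$sth->finish;
$dbh->disconnect;
```

Run with `perl` after installing DBD::SQLite; the interpolated query dies under RaiseError while the placeholder query returns the matching row.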

To do

Explain Perl's taint mode and how DBI supports taint mode, both inbound and outbound.
