On 24/01/2013 03:01, Sam Kington wrote:
> I mean, sure, this is safe:
>
> if ($status eq 'foo') {
>     $dbh->do("UPDATE table SET status='$status' WHERE id=$id");
> }

Only if you're certain you know what $status and $id contain.

http://xkcd.com/327/
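
The quoted statement next to the same UPDATE with DBI placeholders, as an added example that is not part of the original thread. It assumes DBD::SQLite is installed; the `jobs` table, the helper names and the sample `$id` value are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed in-memory database (assumption: DBD::SQLite is available).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });

# Hypothetical table standing in for "table" in the quoted snippet.
sub reset_rows {
    $dbh->do('DROP TABLE IF EXISTS jobs');
    $dbh->do('CREATE TABLE jobs (id INTEGER PRIMARY KEY, status TEXT)');
    $dbh->do('INSERT INTO jobs (id, status) VALUES (?, ?)', undef, $_, 'new')
        for 1 .. 3;
}

# Interpolated form, as in the quoted message: the eq test pins $status to
# a known literal, but nothing constrains $id before it becomes SQL text.
sub update_interpolated {
    my ($status, $id) = @_;
    return 0 unless $status eq 'foo';
    return $dbh->do("UPDATE jobs SET status='$status' WHERE id=$id");
}

# Bound form: the SQL text is constant and both values are passed as bind
# parameters, so $id is only ever compared as a value, never parsed as SQL.
sub update_bound {
    my ($status, $id) = @_;
    return 0 unless $status eq 'foo';
    return $dbh->do('UPDATE jobs SET status = ? WHERE id = ?',
        undef, $status, $id);
}

# Constructed input: an $id that was never validated as an integer.
my $id = '1 OR 1=1';

reset_rows();
printf "interpolated: %d row(s) changed\n", update_interpolated('foo', $id);

reset_rows();
printf "bound:        %d row(s) changed\n", update_bound('foo', $id);
```

With the interpolated statement the WHERE clause is rewritten by the contents of `$id`; with placeholders the same string is just a value that matches no row.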