Is there SQL parameter binding for arrays?

If you don't like the map there, you can use the 'x' operator:

my $params = join ', ' => ('?') x @foo;my $sql    = "SELECT * FROM table WHERE id IN ($params)";my $sth    = $dbh->prepare( $sql );$sth->execute( @foo );

The parentheses are needed around the '?' because that forces 'x' to be in list context.

Read "perldoc perlop" and search for 'Binary "x"' for more information (it's in the "Multiplicative Operators" section).

You specify "this is the SQL for a query with one parameter" -- that won't work when you want many parameters. It's a pain to deal with, of course. Two other variations to what was suggested already:

1) Use DBI->quote instead of place holders.

my $sql = "select foo from bar where baz in ("           . join(",", map { $dbh->quote($_) } @bazs)           . ")";my $data = $dbh->selectall_arrayref($sql);

2) Use an ORM to do this sort of low level stuff for you. DBIx::Class or Rose::DB::Object, for example.

I do something like:

my $dbh = DBI->connect( ... );my @vals= ( 1,2,3,4,5 );my $sql = 'SELECT * FROM table WHERE id IN (' . join( ',', map { '?' } @vals ) . ')';my $sth = $dbh->prepare( $sql );$sth->execute( @vals );