note
moritz
Nice work (although the outcome is not unexpected ;).
<p>There are other potential security risks, though. For example, if you use an ORM mapper (like [mod://DBIx::Class] or [mod://Rose::DB]) and construct a complicated query, you have to know exactly which arguments are parsed as SQL and which aren't.
<p>But if you really stick to plain DBI with placeholders, you don't have to worry very much about SQL injection.
<p>You still have to consider possible DoS attacks, but that's usually not as bad as SQL injection.
661423
661423
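An added example, not part of the original post, showing which parts of a query-builder condition are bound as placeholders and which end up in the SQL text. It uses SQL::Abstract directly, on the assumption that the ORM's search conditions follow its conventions (DBIx::Class documents its search syntax that way); the column names, the `render` and `where_for_column` helpers and the sample input are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use SQL::Abstract;

my $sqla = SQL::Abstract->new;

# Constructed sample input standing in for an untrusted request parameter.
my $input = "x' OR '1'='1";

# Hypothetical helper: return the generated WHERE clause and its bind values.
sub render {
    my ($where) = @_;
    my ($stmt, @bind) = $sqla->where($where);
    return ($stmt, \@bind);
}

# 1. Plain scalar value: rendered as a placeholder, the input travels
#    separately as a bind value and is never parsed as SQL.
my ($bound_sql, $bound_bind) = render({ name => $input });

# 2. Scalar reference: treated as literal SQL, so an interpolated input
#    becomes part of the statement text. Shown only for contrast.
my ($literal_sql, $literal_bind) = render({ name => \"= '$input'" });

# 3. Hash key: used as a column name and never bound. If the column is
#    chosen by the caller, accept it only from a fixed allowlist.
my %allowed_column = map { $_ => 1 } qw(name email);

sub where_for_column {
    my ($column, $value) = @_;
    die "column not allowed: $column\n" unless $allowed_column{$column};
    return render({ $column => $value });
}
my ($col_sql, $col_bind) = where_for_column('email', $input);

# Print each case so the statement text and the bind list can be compared.
for my $case (
    [ 'scalar value (bound)',    $bound_sql,   $bound_bind ],
    [ 'scalar ref (literal SQL)', $literal_sql, $literal_bind ],
    [ 'allowlisted column',      $col_sql,     $col_bind ],
) {
    my ($label, $sql, $bind) = @$case;
    printf "%-26s SQL:%s\n%-26s BIND: [%s]\n", $label, $sql, '', join(', ', @$bind);
}
```

Reviewing the generated statement and bind list this way, before a query reaches the database handle, is a quick check for any ORM call whose argument handling is in doubt.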