Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation

Re^2: DBI and stored procedures

by mbethke (Hermit)
on Nov 04, 2012 at 16:53 UTC ( #1002221=note: print w/ replies, xml ) Need Help??

in reply to Re: DBI and stored procedures
in thread DBI and stored procedures

But this is beside the point. It is reasonably straightforward to untaint data, prior to checking for SQL type compatibility. my $inputstring =~ s/^(\w+)$//; my $username = $1;

Care must be taken though that all strings are received as UTF-8, otherwise \w matches only ASCII letters and not only Mr. 毛泽东 but also Assunção Verônica Álvares, Renée Bäcker and Kryštůfek Březový would get thrown to the "Go away, 33vu1 haxx0r!" page if they used their proper names spelled properly :)

Comment on Re^2: DBI and stored procedures
Download Code
Replies are listed 'Best First'.
Re^3: DBI and stored procedures
by Don Coyote (Pilgrim) on Nov 05, 2012 at 14:00 UTC

    This would be the reason then, that when I looked up the \w in the regex tutorials \w is mentioned as matching alphanumerics, underscores and others. That was just a quick look. After going back just now, I can see there is a lot of information peppered throughout the various regex tutorials relating to the encoding.

    In the meantime, I have updated the Ascii \w in my post to include the numerics as well as the alphas. And added some links to perlsec and perlrequick.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1002221]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (5)
As of 2015-11-26 03:20 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (696 votes), past polls