Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight

Re^2: DBI and stored procedures

by mbethke (Hermit)
on Nov 04, 2012 at 16:53 UTC ( #1002221=note: print w/replies, xml ) Need Help??

in reply to Re: DBI and stored procedures
in thread DBI and stored procedures

But this is beside the point. It is reasonably straightforward to untaint data, prior to checking for SQL type compatibility. my $inputstring =~ s/^(\w+)$//; my $username = $1;

Care must be taken though that all strings are received as UTF-8, otherwise \w matches only ASCII letters and not only Mr. 毛泽东 but also Assunção Verônica Álvares, Renée Bäcker and Kryštůfek Březový would get thrown to the "Go away, 33vu1 haxx0r!" page if they used their proper names spelled properly :)

Replies are listed 'Best First'.
Re^3: DBI and stored procedures
by Don Coyote (Pilgrim) on Nov 05, 2012 at 14:00 UTC

    This would be the reason then, that when I looked up the \w in the regex tutorials \w is mentioned as matching alphanumerics, underscores and others. That was just a quick look. After going back just now, I can see there is a lot of information peppered throughout the various regex tutorials relating to the encoding.

    In the meantime, I have updated the Ascii \w in my post to include the numerics as well as the alphas. And added some links to perlsec and perlrequick.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1002221]
[tye]: gah, Benchmark needs some serious work.
[tye]: though, really, I just replace with single calls to clock_gettime( CLOCK_PROCESS_CPUT IME_ID)

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (7)
As of 2017-02-23 03:07 GMT
Find Nodes?
    Voting Booth?
    Before electricity was invented, what was the Electric Eel called?

    Results (338 votes). Check out past polls.