Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: security question...

by ajt (Prior)
on Apr 25, 2003 at 08:42 UTC ( #253095=note: print w/replies, xml ) Need Help??


in reply to security question, mysql, limit, dbi, and placeholders

I can't comment on the SQL, but the basic princiles of web input is DON'T TRUST USER INPUT. What you need to do is filter the input so that you let through only values you want to let through, rather than filtering out values you don't want.

See also:

*Added extra link.


--
ajt

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://253095]
help
Chatterbox?
[Discipulus]: who make the invitation? the program?!?
[choroba]: it's historical
[erix]: pull requests
[choroba]: originally, you sent a pull request to someone by email, i.e. you asked them to pull from your repo
[Discipulus]: if is the author of a patch, is more like a 'request to push' into rather than a pull request..
[choroba]: as it's considered unpolite to push to someone else's repo
[choroba]: and in fact, you don't push into the target repo, you push into your branch of your fork
[choroba]: the maintainer of the upstream repo than "merges" the pull request, i.e. they pull from your fork into the upstream
[Discipulus]: ' i.e. you asked them to pull from your repo' =~ I (subj) want to push
[Discipulus]: chorobayour words are reasonable

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (7)
As of 2017-05-27 20:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?