PerlMonks  

Re: Avoiding user-input in sub calls.

by skx (Parson)
on Nov 02, 2003 at 15:14 UTC ( #303914=note )


in reply to Re: Avoiding user-input in sub calls.
in thread Avoiding user-input in sub calls.

 Using an HTML form with a drop down doesn't take away the user input; it's still not trusted.

 Any value may be entered by the user capable of saving your source somewhere and editing it; or faking the whole thing with LWP, etc.

 A minor point I know, but this came up at work fairly recently. All text fields were validated at submission time, but drop downs were for some bizarre reason taken as "trusted", and their values were injected directly into SQL. (Something else that's changed now).

Steve
---
steve.org.uk
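
An added example, not part of skx's post or of the code in this thread: one way to treat a drop-down value as untrusted is to check it against the same list that rendered the `<select>` and to pass it to SQL only as a bind parameter. The option list, the `customers` table, the `region_id` column and the sub names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed option list: the same hash renders the <select> and
# validates what comes back, so the two cannot drift apart.
my %REGION = (
    1 => 'North',
    2 => 'South',
    3 => 'East',
);

# Render the drop-down (option values are the hash keys).
sub render_select {
    my $html = qq{<select name="region">\n};
    $html .= qq{  <option value="$_">$REGION{$_}</option>\n} for sort keys %REGION;
    return $html . "</select>\n";
}

# Treat the submitted value like any free-text field: accept it only if
# it is exactly one of the keys that were offered; otherwise return undef.
sub validate_region {
    my ($raw) = @_;
    return undef unless defined $raw && !ref $raw;
    return exists $REGION{$raw} ? $raw : undef;
}

# Build the statement with a placeholder; the value travels separately as
# a bind parameter, e.g. $dbh->prepare($sql)->execute(@bind) with DBI.
sub build_query {
    my ($raw) = @_;
    my $region = validate_region($raw);
    return unless defined $region;
    return ('SELECT name FROM customers WHERE region_id = ?', $region);
}

print render_select();

# Constructed submissions: one from the form as rendered, three that
# could only arrive if the request was edited outside the browser.
for my $input ('2', '4', '2 OR 1=1', "2\n") {
    my ($sql, @bind) = build_query($input);
    (my $shown = $input) =~ s/\n/\\n/g;
    printf "%-12s => %s\n", "'$shown'",
        defined $sql ? "accepted, bind=(@bind)" : "rejected";
}
```

Only `'2'` is accepted. The other three values never reach the statement, and even an accepted value is bound rather than interpolated into the SQL string.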

