PerlMonks |
Hi Monks,
Do I have to validate all input before it gets into the stored procedure? (You can't have SQL injection when using an SP, can you?) The SP is not using dynamic SQL but just uses the input as parameters to a WHERE clause. For example, if a parameter is of string type, i.e. User_Name, should I validate it, i.e. check it for length and special characters, before it gets to the SP, or is that not necessary?

In reply to DBI and stored procedures by Anonymous Monk