in reply to Re^3: DBH Insert of Binary Data
in thread DBH Insert of Binary Data
I mostly agree, but AFAIK, the $dbh->quote() method is (or should be) implemented by the specific DBD driver and should always escape correctly. Now, there might be situations or database where you can't just insert a quoted string in a BLOB, but SQL injection should not be possible with a $dbh->quote()d string.
The top post should remove the quotes around the quoted string, though, as $dbh->quote already provides them. Never mind, there aren't any.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^5: DBH Insert of Binary Data
by jZed (Prior) on Mar 18, 2005 at 22:55 UTC | |
by Joost (Canon) on Mar 19, 2005 at 01:36 UTC | |
by jZed (Prior) on Mar 19, 2005 at 01:39 UTC | |
by Joost (Canon) on Mar 19, 2005 at 01:44 UTC | |
by jZed (Prior) on Mar 19, 2005 at 01:46 UTC |
In Section
Seekers of Perl Wisdom