PerlMonks  

Re^6: DBH Insert of Binary Data

by Joost (Canon)
on Mar 19, 2005 at 01:36 UTC (#440842)


in reply to Re^5: DBH Insert of Binary Data
in thread DBH Insert of Binary Data

    #!perl -w
    use strict;
    use DBI;

    # Connect to the test database (the credentials are the poster's placeholders).
    my $dbh = DBI->connect('DBI:mysql:database=test', 'xxx', 'yyy') || die;

    # quote() turns the value into a single SQL string literal: the embedded
    # ";DELETE FROM myTable" stays inside the quotes and cannot end the statement.
    print $dbh->quote(q{Boston;DELETE FROM myTable});

    __END__
    'Boston;DELETE FROM myTable'

I don't see your point. If any DBD driver lets this through (and DBD::mysql doesn't), it's a major bug. Yes, it might be inefficient, but it should never lead to a security risk if used correctly.


Re^7: DBH Insert of Binary Data
by jZed (Prior) on Mar 19, 2005 at 01:39 UTC
    > If any DBD driver let's this through, (and DBD::mysql 
    > doesn't), it's a major bug. 
    
    Agreed.
      So now I'm getting curious: are there DBD drivers where you could get an SQL injection attack while still using the quote method correctly?

      Just to make myself as clear as I can: I agree that using placeholders is usually the best and most efficient technique, but I am under the impression that using quote() would (or at least, should) catch all attempts of "breaking out of" an SQL value.

      updated: s/attact/attack/

        > are there DBD drivers where you could get an SQL injection
        > attact while still using the quote method correctly?
        
        Not that I know of.
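The point argued in this thread, that a value passed through quote() or bound as a placeholder stays a value and never becomes SQL, can be checked end to end. The script below is an added example, not code from any of the posters; it assumes DBD::SQLite is installed (an in-memory database keeps it self-contained), reuses the thread's table name myTable, and uses constructed sample values, including a binary blob bound with SQL_BLOB since the original thread is about inserting binary data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI qw(:sql_types);

# Added example (not from the thread). Assumes DBD::SQLite is available.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do('CREATE TABLE myTable (city TEXT, blob_data BLOB)');

# Constructed sample values: a string that would break out of a naively
# interpolated literal, and a blob with bytes (NUL, quote, backslash) that
# a text-only escape path might mangle.
my $city = q{Boston';DELETE FROM myTable; --};
my $bin  = pack('C*', 0x00, 0x27, 0x5c, 0xff, 0x0a);

# 1) quote(): the value is escaped into one SQL string literal before it is
#    interpolated, so the statement still contains exactly one INSERT.
my $sql = sprintf 'INSERT INTO myTable (city) VALUES (%s)', $dbh->quote($city);
$dbh->do($sql);

# 2) Placeholders: the SQL text is fixed at prepare() time and the driver
#    receives the values separately; SQL_BLOB binds the data as raw bytes.
my $sth = $dbh->prepare('INSERT INTO myTable (city, blob_data) VALUES (?, ?)');
$sth->bind_param(1, $city);
$sth->bind_param(2, $bin, SQL_BLOB);
$sth->execute;

# Verify: both rows are present (no DELETE ran) and the blob round-trips
# byte for byte.
my ($count) = $dbh->selectrow_array('SELECT COUNT(*) FROM myTable');
my ($back)  = $dbh->selectrow_array(
    'SELECT blob_data FROM myTable WHERE blob_data IS NOT NULL');
print "rows in myTable: $count\n";
print "blob intact: ", ($back eq $bin ? 'yes' : 'no'), "\n";
```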
