
Re^7: DBH Insert of Binary Data

by jZed (Prior)
on Mar 19, 2005 at 01:39 UTC (#440844)


in reply to Re^6: DBH Insert of Binary Data
in thread DBH Insert of Binary Data

> If any DBD driver lets this through, (and DBD::mysql 
> doesn't), it's a major bug. 
Agreed.


Re^8: DBH Insert of Binary Data
by Joost (Canon) on Mar 19, 2005 at 01:44 UTC
    So now I'm getting curious: are there DBD drivers where you could get an SQL injection attack while still using the quote method correctly?

    Just to make myself as clear as I can: I agree that using placeholders is usually the best and most efficient technique, but I am under the impression that using quote() would (or at least, should) catch all attempts at "breaking out of" an SQL value.

    updated: s/attact/attack/

      > are there DBD drivers where you could get an SQL injection
      > attack while still using the quote method correctly?
      
      Not that I know of.
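
The two approaches compared in this thread, quote() used correctly and a placeholder, shown side by side as an added example that is not part of the original posts. It assumes DBD::SQLite is installed; the `notes` table and the sample value are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database keeps this offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Hypothetical table, used only for this example.
$dbh->do('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

# Constructed sample value containing the characters that delimit SQL strings.
my $value = q{O'Brien's "notes"};

# 1. quote(): the driver escapes the value AND adds the surrounding quotes,
#    so the result is interpolated as-is, with no extra quotes around it.
my $literal = $dbh->quote($value);
$dbh->do("INSERT INTO notes (body) VALUES ($literal)");

# 2. Placeholder: the value travels as a bind parameter and is never
#    part of the SQL text at all.
$dbh->do('INSERT INTO notes (body) VALUES (?)', undef, $value);

# Both rows must round-trip to exactly the original value; a stored value
# that differs would mean the escaping altered or truncated the data.
my $rows = $dbh->selectcol_arrayref('SELECT body FROM notes ORDER BY id');
die "expected 2 rows\n" unless @$rows == 2;
for my $stored (@$rows) {
    die "value changed in storage\n" unless $stored eq $value;
}

printf "%d rows stored unchanged; quoted literal was %s\n",
    scalar @$rows, $literal;

$dbh->disconnect;
```

Using quote() "correctly" here means calling it on the handle that will run the statement, since escaping rules are driver-specific, and not wrapping its result in additional quotes.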
