Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re^7: DBH Insert of Binary Data

by jZed (Prior)
on Mar 19, 2005 at 01:39 UTC ( #440844=note: print w/ replies, xml ) Need Help??


in reply to Re^6: DBH Insert of Binary Data
in thread DBH Insert of Binary Data

> If any DBD driver let's this through, (and DBD::mysql 
> doesn't), it's a major bug. 
Agreed.


Comment on Re^7: DBH Insert of Binary Data
Re^8: DBH Insert of Binary Data
by Joost (Canon) on Mar 19, 2005 at 01:44 UTC
    So now I'm getting curious: are there DBD drivers where you could get an SQL injection attack while still using the quote method correctly?

    Just to make myself as clear as I can: I agree that using placeholders is usually the best and most efficient technique, but I am under the impression that using quote() would (or at least, should) catch all attempts of "breaking out of" an SQL value.

    updated: s/attact/attack/

      > are there DBD drivers where you could get an SQL injection
      > attact while still using the quote method correctly?
      
      Not that I know of.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://440844]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (11)
As of 2014-12-28 03:08 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (178 votes), past polls