in reply to PERL, SQL, and Web Publishing Security

Is there a place on this site where I should post this appropriately?

I don't think so, and I give you the main reasons.^*

I give you credit for recommending taint mode and placeholders, but here is a list of unforgivable sins in your examples and code.

• Nowhere in your code you are using strict or warnings;
• You call open and other functions without checking the return values;
• You use $1 without cheking if a regular expression succeeded.
• You use variables $a and $b as examples, but you should know that they are global variables that you should not mess with, because they are used for sorting;

Moreover, although it isn't a mortal sin, Perl is not spelled 'PERL'.

Free piece of advice: before writing your next would be masterpiece, have a look at our Tutorials, and try to conform to what we believe are the high standards of Perl.

P.S. Have you seen Ovid's CGI Course?

^* These lines are not the official PM policy, but just what I personally think, although I am quite sure that many monks share the same feelings.