PerlMonks  

Re: encoding to prevent sql injection in both perl and php

by jdtoronto (Prior)
on Aug 24, 2006 at 20:27 UTC (#569444)


in reply to encoding to prevent sql injection in both perl and php

Given that you seem to be talking about binary values, what are you storing?

The sqlite_escape_string() function probably does much the same as the quote method in DBI, which of course is really supplanted by using placeholders.

If you need true binary capability then MIME::Base64 is probably as good as anything. But it seems you really only want escaped values. Try writing the escaped version into SQLite and see what DBI reads back!

jdtoronto


Re^2: encoding to prevent sql injection in both perl and php
by mandog (Curate) on Aug 24, 2006 at 21:44 UTC

    I'm storing text, name, address, phone, etc, plus whatever null bytes and other naughtiness the world gives me. I do just need to escape stuff, but I need (want?) to do it in a consistent, documented, predictable way.

    I am loath to just try it, as the effort of using MIME encoding is less than the effort of developing a validation suite. :->
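
The placeholder and Base64 approaches discussed in this thread, as an added example that is not part of either post. It assumes DBD::SQLite is installed; the table, column names and sample values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI qw(:sql_types);
use MIME::Base64 qw(encode_base64 decode_base64);

# In-memory database so the example runs offline (assumes DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Hypothetical schema: one text column, one native BLOB, one Base64 text column.
$dbh->do('CREATE TABLE contact (id INTEGER PRIMARY KEY, name TEXT, raw BLOB, b64 TEXT)');

# Constructed sample input: quotes, SQL metacharacters, a NUL byte, high bytes.
my $name = q{Robert'); DROP TABLE contact;--};
my $raw  = "O'Brien\0\x01\xff tail";

# Placeholders: the statement is prepared once and the values are bound as
# data, so no quote() or sqlite_escape_string() style escaping is involved.
my $ins = $dbh->prepare('INSERT INTO contact (name, raw, b64) VALUES (?, ?, ?)');
$ins->bind_param(1, $name);
$ins->bind_param(2, $raw, SQL_BLOB);            # stored as a native BLOB
$ins->bind_param(3, encode_base64($raw, ''));   # '' = no line breaks in output
$ins->execute;

# Read everything back, again binding the lookup value instead of quoting it.
my ($got_name, $got_raw, $got_b64) = $dbh->selectrow_array(
    'SELECT name, raw, b64 FROM contact WHERE name = ?', undef, $name);
my ($rows) = $dbh->selectrow_array('SELECT COUNT(*) FROM contact');

# Report whether each representation survived the round trip byte for byte.
my %check = (
    'text via placeholder' => defined $got_name && $got_name eq $name,
    'binary via SQL_BLOB'  => defined $got_raw  && $got_raw  eq $raw,
    'binary via Base64'    => defined $got_b64  && decode_base64($got_b64) eq $raw,
    'table intact, 1 row'  => defined $rows     && $rows == 1,
);
printf "%-22s %s\n", $_, $check{$_} ? 'ok' : 'MISMATCH' for sort keys %check;

$dbh->disconnect;
```

The Base64 column is plain ASCII, so a PHP reader can recover the same bytes with base64_decode() regardless of how its SQLite driver handles NUL bytes.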
