
Re^3: Simple question on SQL Injection

by naikonta (Curate)
on Oct 10, 2007 at 19:11 UTC ( #644071=note )


in reply to Re^2: Simple question on SQL Injection
in thread Simple question on SQL Injection

Too bad you can't use DBI, and I don't know what the heck DataObject is, but I hope it uses DBI underneath. Using the -T switch could help in conjunction with the Taint option of DBI (if, again, you use DBI). Use a regex to validate user input, but you need to define what constitutes bad or good input. For example, to allow only alphanumeric characters:

    my $user = get_username();
    if ($user =~ /^(\w+)$/) {
        $user = $1;
    } else {
        die "Hey, you gave me bad input: $user\n";
    }
    # proceed with untainted $user

Open source softwares? Share and enjoy. Make profit from them if you can. Yet, share and enjoy!
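
The combination this reply describes (the -T switch, DBI's taint checking, and regex untainting), as an added example that is not part of the original post. It assumes DBI and DBD::SQLite are installed; the `users` table, the sample inputs and `untaint_username` are made up for illustration, and binding through a `?` placeholder goes beyond what the reply mentions. Note that `\w` also matches the underscore.

```perl
#!/usr/bin/perl -T
# Added example, not from the original post. Run as: perl -T untaint_dbi.pl
# Assumes DBI and DBD::SQLite are installed; table and helper names are made up.
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

die "run with -T so Perl tracks tainted data\n" unless ${^TAINT};

# Constructed sample inputs. Appending a zero-length tainted string marks each
# value as tainted, the same way CGI parameters or @ARGV are under -T.
my $taint   = substr($^X, 0, 0);
my @samples = map { $_ . $taint } ('naikonta', 'bob_2', q{x' OR '1'='1});

# Allow-list check from the post; copying the capture group untaints the value.
sub untaint_username {
    my ($raw) = @_;
    return $raw =~ /^(\w+)$/ ? $1 : undef;
}

# TaintIn makes DBI refuse tainted arguments to its method calls.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, TaintIn => 1 });
$dbh->do('CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)');
$dbh->do(q{INSERT INTO users VALUES ('naikonta', 'curate')});
my $sth = $dbh->prepare('SELECT role FROM users WHERE name = ?');

for my $raw (@samples) {
    # 1. Binding the raw value: DBI dies before the driver sees it.
    my $ok = eval { $sth->execute($raw); 1 };
    $sth->finish if $ok;
    printf "%-16s raw value %s\n", $raw, $ok ? 'accepted' : 'rejected by TaintIn';

    # 2. Validate first, then bind the untainted copy through the placeholder.
    my $user = untaint_username($raw);
    if (!defined $user) {
        print "  failed validation, not queried\n";
        next;
    }
    $sth->execute($user);
    my ($role) = $sth->fetchrow_array;
    $sth->finish;
    printf "  validated (tainted=%d), role=%s\n",
        tainted($user) ? 1 : 0, defined $role ? $role : 'none';
}
$dbh->disconnect;
```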

