The stupid question is the question not asked | |
PerlMonks |
Re: Preventing SQL injection attacks: are -T and placeholders not enough?by McDarren (Abbot) |
on Jan 09, 2008 at 07:27 UTC ( [id://661279]=note: print w/replies, xml ) | Need Help?? |
Just a note on placeholders...
I've also been a staunch user (and advocate) of placeholders for quite some time. However, some time ago I found myself in a position where I had to make DB connections to a MS-SQL server from a Linux box. Those that have been down this path will understand when I say that this was quite a painful and frustrating experience. I eventually settled on a solution that uses a combination of DBD::Sybase and FreeTDS (mostly because this solution was the least painful to get up and working), but to my disappointment I discovered that placeholder support is lacking in this solution, which meant that we had to be very careful with the code. I've not looked into it for a while, but as far as I'm aware there is no easy workaround to this. But I'd be very pleased to discover that there is, if anyone is aware of one? Cheers,
In Section
Seekers of Perl Wisdom
|
|