Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

by olus (Curate)
on Jan 09, 2008 at 18:48 UTC ( #661449=note: print w/replies, xml ) Need Help??


in reply to Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

Ran your code for an Oracle 10g and got the same results.
my $dbh = DBI->connect('dbi:Oracle:', 'usr/pass@service_name', '') or + die DBI->errstr; .... Connected OK to Oracle. Clear out existing data from the test table .. Add (44,Some benign text) to the test table .. Add (55,Just regular data) to the test table .. Add (66,Evil data');DELETE FROM jobs;) to the test table .. Dump out the result. '44', 'Some benign text' '55', 'Just regular data' '66', 'Evil data');DELETE FROM jobs;' 3 rows
  • Comment on Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
  • Download Code

Replies are listed 'Best First'.
Re^2: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
by talexb (Canon) on Jan 09, 2008 at 18:53 UTC

    Excellent!!! Thanks for doing that. Anyone else?

    Alex / talexb / Toronto

    "Groklaw is the open-source mentality applied to legal research" ~ Linus Torvalds

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://661449]
help
Chatterbox?
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (5)
As of 2016-12-04 09:52 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    On a regular basis, I'm most likely to spy upon:













    Results (64 votes). Check out past polls.