Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

by andreas1234567 (Vicar)
on Jan 09, 2008 at 19:33 UTC ( #661471=note: print w/ replies, xml ) Need Help??


in reply to Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

Ran your code on IBM UDB version 9.5.0 on Linux 2.6.9 i386.

$ perl -w 661423.pl Connected OK to DBD::DB2::VIPER. Clear out existing data from the test table .. Add (44,Some benign text) to the test table .. Add (55,Just regular data) to the test table .. Add (66,Evil data');DELETE FROM jobs;) to the test table .. Dump out the result. '44', 'Some benign text' '55', 'Just regular data' '66', 'Evil data');DELETE FROM jobs;' 3 rows
However, I would in most cases favor stored procedures as main way of interacting with a database. Benefits includes both security (which includes preventing SQL injection attacks - simply because you don't get to create dynamic SQL) and performance.
--
Andreas


Comment on Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://661471]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (4)
As of 2014-07-26 00:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (175 votes), past polls