Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re: Help with searching within range of days

by davido (Archbishop)
on Aug 08, 2012 at 01:29 UTC ( #986110=note: print w/ replies, xml ) Need Help??


in reply to Help with searching within range of days

...so I embed the query into a "NEXT" link...

Am I understanding correctly that if I were to view-source on your page I would see within the NEXT link the SQL code that will be passed to the database? If that's the case, someone with a little motivation could construct a query that passes any SQL he wants back to the server. ...find out what tables exist, look up user account information, drop tables, and make a big mess.

POST isn't the answer either. The answer is to treat any data that comes from the client like it's capable of transmitting ebola. And because your URL has a .pl in it, the headline will read "Hackers attack insecure Perl script".


Dave


Comment on Re: Help with searching within range of days
Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://986110]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (10)
As of 2015-07-29 07:28 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (260 votes), past polls