Re^2: Wrong SQL Syntax?

... until somebody tries to enter a username that contains a '.

Comment on Re^2: Wrong SQL Syntax?

Replies are listed 'Best First'.
Re^3: Wrong SQL Syntax? by herveus (Prior) on Dec 03, 2010 at 13:42 UTC
Howdy! Ah, yes. Little Bobby Tables. yours, Michael	[reply]
Re^4: Wrong SQL Syntax? by Anonymous Monk on Dec 03, 2010 at 14:31 UTC
bobby-tables.com: A guide to preventing SQL injection	[reply]
Re^3: Wrong SQL Syntax? by kcott (Archbishop) on Dec 03, 2010 at 13:47 UTC
... until somebody tries to enter a username that contains a '. No argument with that. The various responses indicating the use of placeholders (including your own) are a better general solution. My post was based on: Frederic_S seemed to think that the quotes used in the assignment to `$user_login_name` would be propagated to the `SELECT` statement: "I thought if I pass the login_name in '' it would work ...". The fact that what he was trying perhaps worked in a different language: "I'm new to perl (coming from PHP) ...". The specific question asked: "... what I'm doing wrong?". The code as presented which didn't indicate any user input. I might also point out that when I started to type up my response there where no current replies: I wasn't intending to provide a better solution or invalidate any answers that were submitted in the few minutes before my own. Update: Added a blockquote at the top. -- Ken	[reply] [d/l] [select]