http://www.perlmonks.org?node_id=686814


in reply to Re^2: untainting or encoding for shelled sqlplus update
in thread untainting or encoding for shelled sqlplus update

++ I obviously don't work directly with the DB enough either, but your example and reference give me a more exhaustive list of chars, etc. to untaint. That may do just the trick for now (though ikegami's comment convinces me that using the DBI quote function is the right thing).


#my sig used to say 'I humbly seek wisdom. '. Now it says:
use strict;
use warnings;
I humbly seek wisdom.
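As an added illustration of the point made above (this is not code from the thread or from any of its posters), the following Perl contrasts the interpolated statement one would hand to a shelled sqlplus with the same update done through DBI, first via `$dbh->quote` and then via placeholders. It assumes DBD::SQLite is installed and uses an in-memory database as a stand-in for Oracle; the `people` table and the sample values are constructed for the example. With an Oracle DSN the DBI calls are the same.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# The pattern the thread starts from: an UPDATE built by string interpolation,
# destined for a shelled sqlplus. Returned rather than executed so the effect of
# a stray quote in the input is visible.
sub interpolated_update {
    my ($id, $name) = @_;
    return "UPDATE people SET name = '$name' WHERE id = $id;";
}

# Same statement with each value passed through DBI's quote(), which doubles
# embedded single quotes (the SQL escape) and wraps the value in quotes.
# The id is validated as an integer rather than quoted as a string.
sub quoted_update {
    my ($dbh, $id, $name) = @_;
    die "id must be an integer" unless $id =~ /\A\d+\z/;
    return sprintf "UPDATE people SET name = %s WHERE id = %d;",
        $dbh->quote($name), $id;
}

# The preferable form: placeholders, so no quoting happens in Perl at all.
sub placeholder_update {
    my ($dbh, $id, $name) = @_;
    my $sth = $dbh->prepare('UPDATE people SET name = ? WHERE id = ?');
    return $sth->execute($name, $id);    # number of rows affected
}

sub name_for {
    my ($dbh, $id) = @_;
    my ($name) = $dbh->selectrow_array(
        'SELECT name FROM people WHERE id = ?', undef, $id);
    return $name;
}

# Constructed sample data: an in-memory SQLite database standing in for Oracle.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->do('INSERT INTO people (id, name) VALUES (1, ?)', undef, 'Alice');

my $tainted_name = "O'Brien";    # a perfectly ordinary value that breaks naive quoting

print "interpolated: ", interpolated_update(1, $tainted_name), "\n";
print "quoted:       ", quoted_update($dbh, 1, $tainted_name), "\n";

placeholder_update($dbh, 1, $tainted_name);
print "stored:       ", name_for($dbh, 1), "\n";

$dbh->disconnect;
```

The interpolated line comes out as `UPDATE people SET name = 'O'Brien' WHERE id = 1;`, which sqlplus will reject (or, with a less friendly value, execute as something other than intended); the quoted line reads `'O''Brien'`, and the placeholder version stores the apostrophe without any escaping on the Perl side. Placeholders also sidestep the whole untainting question for the shell, since nothing is passed through a shell at all.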

Re^4: untainting or encoding for shelled sqlplus update
by tachyon-II (Chaplain) on May 15, 2008 at 22:13 UTC

    While a quick kludge may fix your problem with minimal effort, using the bulk loader functionality that comes bundled with Oracle makes better sense (speed and correct quoting) than using DBI to me.

      There's no bulk in this case; it's one record at a time. Does that change your answer or is there some clever design you're thinking of (I love cleverness)?


      #my sig used to say 'I humbly seek wisdom. '. Now it says:
      use strict;
      use warnings;
      I humbly seek wisdom.

        By one record I assume you mean one row in a database table (or several tables)? A bulk loader will load one row just as well as 1,000,000. You are already shelling out; why not shell out to a better tool?