in reply to PERL, SQL, and Web Publishing Security
Is there a place on this site where I should post this appropriately?
I don't think so, and I give you the main reasons.*
I give you credit for recommending taint mode and placeholders, but here is a list of unforgivable sins in your examples and code.
- Nowhere in your code are you using strict or warnings;
- You call open and other functions without checking the return values;
- You use $1 without checking if a regular expression succeeded.
- You use variables $a and $b as examples, but you should know that they are global variables that you should not mess with, because they are used for sorting;
Moreover, although it isn't a mortal sin, Perl is not spelled 'PERL'.
Free piece of advice: before writing your next would-be masterpiece, have a look at our Tutorials, and try to conform to what we believe are the high standards of Perl.
P.S. Have you seen Ovid's CGI Course?
* These lines are not the official PM policy, but just what I personally think, although I am quite sure that many monks share the same feelings.
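
The points in the list above, shown as an added example that is not part of the original post or of the code it criticizes: an unchecked `$1` silently reuses the capture from an earlier successful match, which defeats regex-based input validation. The inputs, the path and the helper name `safe_name` are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed inputs standing in for form parameters (assumption).
my $good = 'report_2005';
my $bad  = '../../etc/passwd';

# Unchecked capture: a failed match leaves $1 from the previous success.
$good =~ /\A(\w+)\z/;
my $first = $1;
$bad =~ /\A(\w+)\z/;          # does not match
my $stale = $1;               # still 'report_2005'
print "unchecked: bad input yielded '$stale'\n";

# Checked capture: hypothetical helper that returns undef on failure.
sub safe_name {
    my ($raw) = @_;
    return $raw =~ /\A(\w{1,32})\z/ ? $1 : undef;
}

for my $input ($good, $bad) {
    my $name = safe_name($input);
    unless (defined $name) {
        warn "rejected input '$input'\n";
        next;
    }
    my $path = "/nonexistent-demo-dir/$name.txt";   # constructed path
    # Three-argument open with a lexical handle; always test the result.
    open(my $fh, '<', $path) or do {
        warn "cannot open $path: $!\n";
        next;
    };
    print while <$fh>;
    close($fh) or warn "close failed on $path: $!\n";
}

# Lexical names instead of $a/$b, which sort() uses as package globals.
my ($left, $right) = (3, 7);
my @sorted = sort { $a <=> $b } ($right, $left);
print "sorted: @sorted\n";
```

Run it with `perl -T` to have taint mode enforce that only the checked capture reaches `open`.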
Re^2: PERL, SQL, and Web Publishing Security
by tectonic (Initiate) on Nov 21, 2005 at 18:14 UTC |