in reply to Re^2: untainting or encoding for shelled sqlplus update
in thread untainting or encoding for shelled sqlplus update
++ I obviously don't work directly with the DB enough either, but your example and reference give me a more exhaustive list of chars, etc. to untaint. That may do just the trick for now (though ikegami's comment convinces me that using the DBI quote function is the right thing).
#my sig used to say 'I humbly seek wisdom. '. Now it says:
I humbly seek wisdom.