
Re: Securing HTML query strings

by olus (Curate)
on Aug 16, 2008 at 22:49 UTC (#704753)


in reply to Securing HTML query strings

If I understand correctly, your concern is with validating info before going to the database, even though there might be some other validations (business rules?) that you are considering. If that is the case, as with the ' character, you could consider using placeholders in your queries.


Re^2: Securing HTML query strings
by rooneyl (Sexton) on Aug 17, 2008 at 19:34 UTC

My main concern is with dealing with the ' character, as it can be used for SQL injection attacks. Lawliet suggested using HTML::Entities, which converts the ' character into its HTML value. Could placeholders be used to stop ' being processed literally as well?
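The following is an added example, not code from olus or rooneyl, showing what the placeholder suggestion above looks like in DBI and how it deals with the ' character that the question is about. It assumes DBD::SQLite with an in-memory database and a constructed `users` table; the same `prepare`/`execute` pattern works unchanged with any DBI driver.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Added example (not from the original thread). Assumes DBD::SQLite is
# installed; the table and rows below are constructed for the demo.
my $dbh = DBI->connect( "dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 } );

$dbh->do("CREATE TABLE users (name TEXT NOT NULL, email TEXT NOT NULL)");
my $ins = $dbh->prepare("INSERT INTO users (name, email) VALUES (?, ?)");
$ins->execute(@$_) for ( [ "alice", 'alice@example.com' ],
                         [ "O'Brien", 'obrien@example.com' ] );

# Constructed inputs as a CGI script might receive them from a query string:
# a legitimate name containing an apostrophe, and a value shaped like the
# classic injection the thread is worried about.
my @inputs = ( "O'Brien", "' OR '1'='1" );

# Unsafe: the value is interpolated into the SQL text, so the apostrophe is
# parsed as SQL. "O'Brien" becomes a syntax error; the second input turns
# the WHERE clause into a tautology and matches every row.
sub lookup_interpolated {
    my ( $dbh, $name ) = @_;
    my $rows = eval {
        $dbh->selectall_arrayref(
            "SELECT email FROM users WHERE name = '$name'" );
    };
    return $@ ? "SQL error" : scalar(@$rows) . " row(s)";
}

# Safe: the value is bound to a ? placeholder. The driver sends it as data,
# never as part of the statement, so the apostrophe is just a character in
# the name and the injection-shaped string simply matches nobody.
sub lookup_placeholder {
    my ( $dbh, $name ) = @_;
    my $rows = $dbh->selectall_arrayref(
        "SELECT email FROM users WHERE name = ?", undef, $name );
    return scalar(@$rows) . " row(s)";
}

for my $in (@inputs) {
    printf "%-14s interpolated: %-10s placeholder: %s\n",
        "[$in]", lookup_interpolated( $dbh, $in ), lookup_placeholder( $dbh, $in );
}
# Expected on this constructed data:
#   [O'Brien]     interpolated: SQL error  placeholder: 1 row(s)
#   [' OR '1'='1] interpolated: 2 row(s)   placeholder: 0 row(s)

$dbh->disconnect;
```

The point of the two columns is that placeholders solve the database side of the problem without any escaping or entity encoding: the apostrophe reaches the database as a data byte, and the query structure is fixed at `prepare` time. HTML::Entities remains the right tool for the other direction, when user data is written back into an HTML page.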
