PerlMonks  

Re: What training do YOU need?

by John M. Dlugosz (Monsignor)
on Oct 21, 2002 at 17:07 UTC ( #206877=note )


in reply to What training do YOU need?

Hey, what about the rest of us? I'd love to hear why people are misusing DBI... too bad you're not writing a book chapter or online course so we could all join in!


Re: Re: What training do YOU need?
by runrig (Abbot) on Oct 21, 2002 at 18:30 UTC
    I'd love to hear why people are misusing DBI

    From previous experience...we had someone who wrote things like this:

    $sql = "select stuff from table where id = " . param('id');

    I said we should be using placeholders here for security and efficiency (we were using Oracle which can really benefit from placeholders) but this person said placeholders didn't work. After some investigation (on my part) as to why they "didn't work", I found out that the 'id' parameter had a carriage return on the end of it, so placeholders didn't work in this particular instance (though with some /^(\d+)/ de-tainting they did work), so this person avoided them everywhere instead of trying to figure out why they sometimes "didn't work." For similar reasons, he also avoided arrays, hash arrays, and other common idioms, but since his code "worked", no one ever questioned it.
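
An added example, not part of the original posts: the lookup from the comment above written with a DBI placeholder, with the 'id' value cleaned of its trailing carriage return before it is bound. Assumptions: an in-memory SQLite database (DBD::SQLite) stands in for Oracle, the `items` table and the helpers `clean_id` and `lookup` are hypothetical, and the pattern is a stricter variant of the `/^(\d+)/` in the post that rejects trailing non-whitespace instead of silently dropping it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) stands in for the Oracle database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE items (id INTEGER PRIMARY KEY, stuff TEXT)');
$dbh->do('INSERT INTO items (id, stuff) VALUES (?, ?)', undef, @$_)
    for [41, 'alpha'], [42, 'beta'], [43, 'gamma'];

# Accept digits followed only by whitespace (such as the stray carriage
# return), return just the captured digits, and reject everything else.
sub clean_id {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /^(\d+)\s*\z/ ? $1 : undef;
}

# Prepared once; the id is always sent as a bound value, never as SQL text.
my $sth = $dbh->prepare('SELECT stuff FROM items WHERE id = ?');

sub lookup {
    my ($raw) = @_;
    my $id = clean_id($raw);
    return 'rejected' unless defined $id;
    $sth->execute($id);
    my ($stuff) = $sth->fetchrow_array;
    $sth->finish;
    return defined $stuff ? $stuff : 'not found';
}

# Constructed inputs standing in for param('id').
for my $raw ("42", "42\r", "42\r\n", "99", "42 or 1=1", "") {
    (my $shown = $raw) =~ s/\r/\\r/g;
    $shown =~ s/\n/\\n/g;
    printf "%-12s => %s\n", "'$shown'", lookup($raw);
}
```

Because the statement is prepared once and only the bound value changes, the database can reuse the parsed statement, which is the efficiency benefit the comment mentions alongside security.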
