Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re: Preventing malicious T-SQL injection attacks

by Trizor (Pilgrim)
on Mar 05, 2007 at 12:32 UTC ( #603197=note: print w/replies, xml ) Need Help??


in reply to Preventing malicious T-SQL injection attacks

It isn't clear if @CHOICE comes from you or the user. If it comes from you the issue is paranoid versus pragmatic: sure someone could have found a way to malicously modify that variable, but is it worth the extra effort here to make sure its safe? Or would it be more worth your time to find the holes that could lead to the modification.

Of course this goes out the window if @CHOICE isn't your creation, in which case I'd reccomend using a prepared statement to check syntax before execution. If the create fails, then its likely that an injection attack was attempted and you can log or take necessary action.

eval { $dbh->prepare($Command); } if ($@) { # Those jerks tried to inject us... }

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://603197]
help
Chatterbox?
[robby_dobby]: I always thought everything on the other side of Suez to be Africa. That's an entire continent
[LanX]: Sinai_Peninsula
[robby_dobby]: choroba: If you're talking of Eurasia, it's only true of the erstwhile Constantinople/ Ottoman empire
[LanX]: yes correct, but Sinai is not on the other side
[LanX]: Organizing a YAPC in a tourist ressort is not a bad idea ...
[LanX]: ... and we could swap to our first YAPC Africa the following year when organizing in Hurghada
[robby_dobby]: LanX: Well volunteered!
[LanX]: ... just ... ppl would be to afraid of terrorist attacks
[choroba]: python guerrila?
[robby_dobby]: if I do make it, I can at least savour their local tea! :-)

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (15)
As of 2017-04-24 16:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I'm a fool:











    Results (442 votes). Check out past polls.