Beefy Boxes and Bandwidth Generously Provided by pair Networks Joe
Just another Perl shrine
 
PerlMonks  

Re: Preventing malicious T-SQL injection attacks

by Trizor (Pilgrim)
on Mar 05, 2007 at 12:32 UTC ( #603197=note: print w/ replies, xml ) Need Help??


in reply to Preventing malicious T-SQL injection attacks

It isn't clear if @CHOICE comes from you or the user. If it comes from you the issue is paranoid versus pragmatic: sure someone could have found a way to malicously modify that variable, but is it worth the extra effort here to make sure its safe? Or would it be more worth your time to find the holes that could lead to the modification.

Of course this goes out the window if @CHOICE isn't your creation, in which case I'd reccomend using a prepared statement to check syntax before execution. If the create fails, then its likely that an injection attack was attempted and you can log or take necessary action.

eval { $dbh->prepare($Command); } if ($@) { # Those jerks tried to inject us... }


Comment on Re: Preventing malicious T-SQL injection attacks
Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://603197]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (9)
As of 2014-04-16 07:19 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (417 votes), past polls