|P is for Practical|
Re^3: Preventing malicious T-SQL injection attacksby davorg (Chancellor)
|on Mar 05, 2007 at 19:46 UTC||Need Help??|
Erm... yes. That's what it is supposed to do. It produces an SQL statement with the correct number of placeholders in it (a placeholder is marked with a question mark).
What were you expecting it to produce?
For example. hashes are indexed with strings and arrays are indexed with integers. So trying to see if a string key exists in an array is always going to be doomed to failure.
But actually, that's not what you're doing is it? You're setting up an array and then looking for a key in a non-existant hash.
Has someone recommended that you use "strict" and "diagnostics" in your code? Because that would have explained what your problem is here.
"The first rule of Perl club is you do not talk about Perl club." -- Chip Salzenberg