PerlMonks  

Re^2: is this script secured enough from internet attacks

by tercoz (Acolyte)
on Jun 17, 2011 at 08:31 UTC (#910098)


in reply to Re: is this script secured enough from internet attacks
in thread is this script secured enough from internet attacks

Thank you, I shall remove that sub. As I am new here I don't know how to give points. I want to thank you and other people for helping me (points); which way can I do so?


Re^3: is this script secured enough from internet attacks
by Sewi (Friar) on Jun 17, 2011 at 19:24 UTC

    Prepared statements and placeholders don't always work as expected (for example FreeTDS has problems there).

    unpack could cover all injection attempts:

    'INSERT INTO foo(bar) VALUES(0x'.unpack('H*',$value).')'


      How does this unpack H* insert into work?

      there are no rules, there are no thumbs..
        Hex encoded data is [0-9A-F]
        $ perl -e " print unpack q[H*], join q[],@ARGV " 1 "<" 3 " Foo"
        313c3320466f6f
        $ perl -e " print pack q[H*], join q[],@ARGV " 313c3320466f6f
        1<3 Foo
        I doubt the pack tradeoff is preferable as a workaround for a problem in FreeTDS (which I doubt exists)
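
The hex-literal approach discussed in this thread, as an added example that is not code from any of the posts: whatever the value contains, only hex digits reach the SQL text, and decoding the literal returns the original value. The `hex_literal` helper and the sample values are constructed for illustration; the sketch assumes the value is a decoded character string stored as UTF-8 and a database that accepts `0x...` literals, as the statement in the post does.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(encode decode);

# Hypothetical helper: turn a decoded character string into a SQL hex literal.
# Assumption: the target database accepts 0x... literals.
sub hex_literal {
    my ($value) = @_;
    die "undef value\n" unless defined $value;
    return "''" if $value eq '';          # never emit a bare 0x
    my $bytes = encode('UTF-8', $value);  # H* must see bytes, not wide characters
    my $hex   = unpack 'H*', $bytes;
    # Whatever the input was, only whole hex-encoded bytes may reach the SQL text.
    die "unexpected encoder output\n" unless $hex =~ /\A(?:[0-9a-f]{2})+\z/;
    return "0x$hex";
}

# Constructed sample values: plain text, quote and comment marker,
# a Latin-1 character, a character above 255, and the empty string.
my @samples = ("1<3 Foo", "O'Brien'); --", "caf\x{e9}", "smile \x{263a}", "");

for my $value (@samples) {
    my $lit = hex_literal($value);
    my $sql = "INSERT INTO foo(bar) VALUES($lit)";

    # Round trip: decoding the literal gives back exactly the input.
    my $back = $lit eq "''"
        ? ''
        : decode('UTF-8', pack('H*', substr($lit, 2)));
    die "round trip failed for literal $lit\n" unless $back eq $value;

    # The statement is pure ASCII: fixed template plus hex digits.
    die "non-ASCII in statement\n" if $sql =~ /[^\x20-\x7e]/;

    print "$sql\n";
}
```

Where the driver handles placeholders correctly, the same insert is written with DBI as `$dbh->do('INSERT INTO foo(bar) VALUES(?)', undef, $value)`, which keeps the value out of the SQL text entirely.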
