Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:
Hi Monks,
Do I have to validate all input before it gets into the stored procedure? (You can't have SQL injection when using a sp, can you?)
The sp is not using dynamic SQL but just uses the input as parameters to a WHERE clause.
For example, if a parameter is of string type, i.e. User_Name, should I validate it, i.e. check it for length and special characters, before it gets to the sp, or is that not necessary?
Replies are listed 'Best First'.
Re: DBI and stored procedures
by space_monk (Chaplain) on Nov 04, 2012 at 13:10 UTC
Re: DBI and stored procedures
by Anonymous Monk on Nov 04, 2012 at 11:53 UTC
Re: DBI and stored procedures
by Don Coyote (Hermit) on Nov 04, 2012 at 13:38 UTC
by mbethke (Hermit) on Nov 04, 2012 at 16:53 UTC
by Don Coyote (Hermit) on Nov 05, 2012 at 14:00 UTC
Re: DBI and stored procedures
by dsheroh (Monsignor) on Nov 05, 2012 at 12:01 UTC