Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation

Re: Avoiding user-input in sub calls.

by skx (Parson)
on Nov 02, 2003 at 15:14 UTC ( #303914=note: print w/replies, xml ) Need Help??

in reply to Re: Avoiding user-input in sub calls.
in thread Avoiding user-input in sub calls.

 Using a HTML form with a drop down doesn't take away the user input; it's still not trusted.

 Any value may be entered by the user capable of saving your source somewhere and editing it; or facing the whole thing with LWP, etc.

 A minor point I know, but this came up at work fairly recently. All text fields were validated at submission time, but drop downs were for some bizarre reason taken as "trusted", and their values were injected directly into SQL. (Something else that's changed now).


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://303914]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (8)
As of 2018-06-18 14:17 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (110 votes). Check out past polls.