Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Here is a script I made to do database inserts. Should I limit the amount of data that can be posted to prevent buffer overflows? I guess that there shouldn't be anymore than 30,000 characters in the text area so I was figuring using $CGI::POST_MAX = 30000. I did this assuming that 30,000 ASCII characters assuming that 1 ASCII character is 1 byte.

Also I think my query is immune from SQL injection attacks. Is it?

#!/usr/bin/perl -wT use DBI; use strict; use CGI; $CGI::POST_MAX = 30000; use POSIX 'strftime'; my $q = CGI->new(); my $id = $q->param ('id'); my $other_comments = $q->param ('other_comments'); my $date = strftime( "%m/%d/%Y",localtime(time) ); ##Start database connections########################## my $database = "database"; my $db_server = "localhost"; my $user = "user"; my $password = "password"; ##Connect to database, insert statement, & disconnect## my $dbh = DBI->connect("DBI:mysql:$database:$db_server", $user, $passw +ord); my $statement = "INSERT INTO database (id1, comnt, date1) VALUES (?,?, +?)"; my $sth; $sth = $dbh->prepare($statement) or die "Couldn't prepare the query: $ +sth->errstr"; my $rv = $sth->execute($id,$other_comments,$date) or die "Couldn't exe +cute query: $dbh->errstr"; my $rc = $sth->finish; $rc = $dbh->disconnect; ####################################################### print "Content-type: text/html\n\n"; print $date;

In reply to Hacker Proofing My Script by awohld

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others avoiding work at the Monastery: (8)
    As of 2020-01-29 12:58 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?
      Notices?