Re: Avoiding SQL insecurities


laziness, impatience, and hubris
	PerlMonks

Re: Avoiding SQL insecurities

by Belgarion (Chaplain)

on Jul 15, 2004 at 18:30 UTC ( [id://374774]=note: print w/replies, xml )

Need Help??

in reply to Avoiding SQL insecurities

You may also want to look into something like Class::DBI as a means of interfacing with your database. Class::DBI handles the SQL translation correctly without any interaction by you.

Even if you don't end up using the module it is a good piece of code to study to see how to work with a database from within Perl.

Comment on Re: Avoiding SQL insecurities

Replies are listed 'Best First'.
Re^2: Avoiding SQL insecurities by eclark (Scribe) on Jul 16, 2004 at 01:38 UTC
Always use placeholders. Examples below. `$dbh->do('UPDATE table SET col = ? WHERE id = ?', {}, $value, $id); my $sth = $dbh->prepare('SELECT foo, bar FROM table WHERE baz = ?'); $sth->execute($baz);` [download]	[reply] [d/l]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://374774]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others lurking in the Monastery: (5)

As of 2025-07-11 14:22 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found

Notices^?

	• erzuuli	‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.