Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine

Re^4: Hacker Proofing My Script

by jZed (Prior)
on Oct 04, 2004 at 21:13 UTC ( #396391=note: print w/replies, xml ) Need Help??

in reply to Re^3: Hacker Proofing My Script
in thread Hacker Proofing My Script

I don't know a heck of a lot about MySQL, but according to gmax's excellent New twist for DBD::mysql, DBD::mysql currently does emulate placeholders but in such a way as to preserve security. I'd suggest reading his node for further details.

Replies are listed 'Best First'.
Re^5: Hacker Proofing My Script
by CountZero (Bishop) on Oct 04, 2004 at 22:24 UTC
    It doesn't seem to be totally secure:
    As for LIMIT ?,?. The reason why it was not supported since 2.9002 is that it allowed for sql injection attacks, and it is not trivial to fix, in fact, I *just* scanned over Patrick's code and found a bug in the LIMIT handling code
    as can be read in Re: New twist for DBD::mysql.


    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://396391]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (4)
As of 2020-01-22 03:42 GMT
Find Nodes?
    Voting Booth?