Re: Preventing malicious T-SQL injection attacks


Problems? Is your data what you think it is?
	PerlMonks

Re: Preventing malicious T-SQL injection attacks

by Trizor (Pilgrim)

on Mar 05, 2007 at 12:32 UTC ( [id://603197]=note: print w/replies, xml )

Need Help??

in reply to Preventing malicious T-SQL injection attacks

It isn't clear if @CHOICE comes from you or the user. If it comes from you the issue is paranoid versus pragmatic: sure someone could have found a way to malicously modify that variable, but is it worth the extra effort here to make sure its safe? Or would it be more worth your time to find the holes that could lead to the modification.

Of course this goes out the window if @CHOICE isn't your creation, in which case I'd reccomend using a prepared statement to check syntax before execution. If the create fails, then its likely that an injection attack was attempted and you can log or take necessary action.

eval { 
  $dbh->prepare($Command);
}
if ($@) {
  # Those jerks tried to inject us...
}
[download]

Comment on Re: Preventing malicious T-SQL injection attacks Download Code

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://603197]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others exploiting the Monastery: (2)

As of 2025-12-15 01:35 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

What's your view on AI coding assistants?

Results (95 votes). Check out past polls.

Notices^?

	• hippo	‥ epoptai's answer Re: how do I set a cookie and redirect was blessed by hippo!
	• erzuuli	‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.