Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

Re^2: Simple question on SQL Injection

by radix (Initiate)
on Oct 09, 2007 at 16:34 UTC ( #643739=note: print w/replies, xml ) Need Help??

in reply to Re: Simple question on SQL Injection
in thread Simple question on SQL Injection

Thanks mwa, But I cant use DBI, I can only use there anyway I can use palce holders with DataObject? Thanks

Replies are listed 'Best First'.
Re^3: Simple question on SQL Injection
by runrig (Abbot) on Oct 09, 2007 at 17:10 UTC
    I don't see any DataObject module on CPAN (except for something under Spoon, but I don't think that's it). We can't help you with modules that we know nothing about. Is DBI installed? You might at least be able to call the quote() method from it on your parameters. Or see if your DataObject module can handle placeholders or has something like the quote() method.
Re^3: Simple question on SQL Injection
by naikonta (Curate) on Oct 10, 2007 at 19:11 UTC
    Too bad you can't use DBI and I don't know what the heck DataObject is, but I hope it uses DBI underneath. Using -T switch could help in conjunction with Taint option of DBI (if, again, you use DBI). Use regex to validate user inputs, but you need to define what constitutes bad or good input. For example, to allow only alphanumeric character,
    my $user = get_username(); if ($user =~ /^(\w+)$/) { $user = $1; } else { die "Hey, you gave me bad input: $user\n"; } # proceed with untainted $user

    Open source softwares? Share and enjoy. Make profit from them if you can. Yet, share and enjoy!

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://643739]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (8)
As of 2019-09-23 13:04 GMT
Find Nodes?
    Voting Booth?
    The room is dark, and your next move is ...

    Results (279 votes). Check out past polls.