http://www.perlmonks.org?node_id=440844


in reply to Re^6: DBH Insert of Binary Data
in thread DBH Insert of Binary Data

> If any DBD driver let's this through, (and DBD::mysql 
> doesn't), it's a major bug.
Agreed.

Replies are listed 'Best First'.
Re^8: DBH Insert of Binary Data
by Joost (Canon) on Mar 19, 2005 at 01:44 UTC
    So now I'm getting curious: are there DBD drivers where you could get an SQL injection attack while still using the quote method correctly?

    Just to make myself as clear as I can: I agree that using placeholders is usually the best and most efficient technique, but I am under the impression that using quote() would (or at least, should) catch all attempts of "breaking out of" an SQL value.

    updated: s/attact/attack/

    "What should it profit a man, if he should win a flame war, yet lose his cool?"
[reply]
      > are there DBD drivers where you could get an SQL injection
> attact while still using the quote method correctly?
      Not that I know of.
[reply]

In Section Seekers of Perl Wisdom