http://www.perlmonks.org?node_id=603188

Win has asked for the wisdom of the Perl Monks concerning the following question:

I am executing MS SQL Server SPROCs through a Perl program. The critical piece of code that sets up the execute statement follows:
$Command = join(' ', 'EXEC', $SPROC, join(', ', @CHOICE[1 .. $elements_in_array])) . '';
I really want advice on the best way of preventing a malicious injection attack or some other attack. I guess that it might be an idea to limit the SPROCs that can be called. It might be an idea to make it impossible to activate any SPROC that is a system SPROC. That would require screening of the $SPROC variable. Should I exclude the possibility of @CHOICE containing a variable that has DELETE in it? Or a variable that has ; in it? Is there anything else that I should do?
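An added example, not code from the original post, showing the alternative to string concatenation: keep the procedure name under program control with an allow-list, and pass every argument through DBI placeholders so the driver sends them as data rather than SQL text. It assumes DBD::ODBC against SQL Server; the procedure names, DSN and credentials are invented.

```perl
use strict;
use warnings;
use DBI;

# Allow-list of procedures this program may call, with the number of
# parameters each expects (names are assumed, not from the original post).
my %ALLOWED_SPROC = (
    usp_GetOrder    => 1,
    usp_UpdateNotes => 2,
);

sub exec_sproc {
    my ($dbh, $sproc, @args) = @_;

    # A procedure name cannot be a bind parameter, so it is validated
    # against the allow-list instead of being interpolated from input.
    my $nparams = $ALLOWED_SPROC{$sproc};
    die "procedure '$sproc' is not permitted\n" unless defined $nparams;
    die "'$sproc' expects $nparams argument(s), got " . scalar(@args) . "\n"
        unless @args == $nparams;

    # Each value goes through a '?' placeholder (ODBC call escape syntax);
    # a ';' or the word DELETE inside a value is then just characters.
    my $sql = "{call $sproc(" . join(', ', ('?') x $nparams) . ")}";
    my $sth = $dbh->prepare($sql);
    $sth->execute(@args);
    return $sth;
}

# Usage: DSN and credentials are placeholders.
my $dbh = DBI->connect('dbi:ODBC:DSN=MyServer', 'user', 'pass',
                       { RaiseError => 1, AutoCommit => 1 });

# This argument would be dangerous if concatenated into EXEC text;
# as a bound parameter it is only a string the procedure receives.
my $sth = exec_sproc($dbh, 'usp_GetOrder', "1'; DELETE FROM Orders --");
while (my $row = $sth->fetchrow_arrayref) {
    print join("\t", map { defined $_ ? $_ : 'NULL' } @$row), "\n";
}

# Rejected before any SQL is sent: not on the allow-list.
eval { exec_sproc($dbh, 'sp_configure', 'xp_cmdshell') };
print "refused: $@" if $@;
```

Since the allow-list also fixes the argument count, a request that tries to pass extra values is rejected before `prepare` is ever called.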