PerlMonks  

Re: html checkbox and perl cgi

by ruzam (Curate)
on Jan 19, 2014 at 00:33 UTC


in reply to html checkbox and perl cgi

$db_query = "SELECT ST.sno_name,HT.homolog_name
             FROM sno_Table ST, Homolog_Table HT, sno_Homologs SH, Organism O
             WHERE ST.sno_id=SH.sno_id AND SH.homolog_id=HT.homolog_id AND HT.org_id=O.org_id
               and (ST.family=$family) and O.organism='$TB'";

You have just passed $family and $TB directly into an SQL statement as entered into a web page by an untrusted random stranger with no validation whatsoever. That will not end well (http://www.bobby-tables.com/).

Use placeholders to protect your queries from SQL injections.

$db_query = "SELECT ST.sno_name,HT.homolog_name
             FROM sno_Table ST, Homolog_Table HT, sno_Homologs SH, Organism O
             WHERE ST.sno_id=SH.sno_id AND SH.homolog_id=HT.homolog_id AND HT.org_id=O.org_id
               and (ST.family=?) and O.organism=?";
...
$sth->execute($family, $TB);
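Added example (not ruzam's code, and not from the original question): an in-memory DBD::SQLite database with a constructed Organism table stands in for the poster's schema, and the same untrusted $TB value is run once interpolated into the string and once bound through a placeholder. The table contents and the sample input are constructed for the demo.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# Constructed stand-in for the Organism table of the original question;
# the rows and the 'secret' column are assumptions for the demo only.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE Organism (org_id INTEGER PRIMARY KEY, organism TEXT, secret TEXT)");
$dbh->do("INSERT INTO Organism VALUES (1, 'yeast', 'private row 1')");
$dbh->do("INSERT INTO Organism VALUES (2, 'human', 'private row 2')");

# Untrusted form input: a single quote closes the literal, the rest is SQL.
my $TB = "nosuch' OR '1'='1";

# 1. Interpolation, as in the original $db_query. The WHERE clause now
#    reads organism='nosuch' OR '1'='1', which is true for every row.
my $unsafe_sql = "SELECT organism, secret FROM Organism WHERE organism='$TB'";
my $unsafe = $dbh->selectall_arrayref($unsafe_sql);
@$unsafe == 2 or die "interpolated query should have matched all rows";

# 2. Placeholder. DBI sends the SQL text and the value separately, so the
#    database compares the column against the literal string and never
#    parses it as SQL.
my $sth = $dbh->prepare("SELECT organism, secret FROM Organism WHERE organism=?");
$sth->execute($TB);
my $safe = $sth->fetchall_arrayref;
@$safe == 0 or die "placeholder query should have matched nothing";

# 3. The same protection for the numeric case: (ST.family=$family) with
#    $family set to "0 OR 1=1" is just as injectable without quotes, and
#    the bound version compares against the string as a whole.
my $family = "0 OR 1=1";
$sth = $dbh->prepare("SELECT organism FROM Organism WHERE org_id=?");
$sth->execute($family);
my $by_family = $sth->fetchall_arrayref;
@$by_family == 0 or die "bound non-numeric value should match no row";

print "interpolated: ", scalar(@$unsafe), " rows leaked; placeholders: ",
      scalar(@$safe) + scalar(@$by_family), " rows\n";
$dbh->disconnect;
```

Placeholders bind values only; a table or column name that has to vary still needs to be checked against an explicit allow-list before it goes into the query text.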
