PerlMonks  

Re: Escaping %params

by chromatic (Archbishop)
on Jan 20, 2014 at 22:13 UTC

in reply to Escaping %params

Rather than escape values yourself, using SQL placeholders lets your database driver escape the values for you. It's a lot easier and safer. If you were to post some example database code, someone would surely show you how to use placeholders instead.


Improve your skills with Modern Perl: the free book.
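As an added illustration (not chromatic's or the original poster's code), here is the placeholder approach applied to a %params hash with DBI and DBD::SQLite. The users table, its column names and the sample values are constructed for this example; the allow-list of column names is an assumption about the poster's schema.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed example: an in-memory SQLite table standing in for the
# real database. Requires DBI and DBD::SQLite.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE users (name TEXT, email TEXT, city TEXT)');

# Only these keys of %params may become column names. Placeholders
# cover values, not identifiers, so column names need an allow-list.
my %allowed_column = map { $_ => 1 } qw(name email city);

# Insert the key/value pairs of a hash, one '?' per column.
# The values are passed to do() as bind parameters, so the driver
# handles quoting; nothing from %params is interpolated into the SQL.
sub insert_params {
    my ($dbh, $params) = @_;
    my @cols = sort keys %$params;
    for my $col (@cols) {
        die "refusing unknown column '$col'\n" unless $allowed_column{$col};
    }
    my $sql = sprintf 'INSERT INTO users (%s) VALUES (%s)',
        join(', ', map { $dbh->quote_identifier($_) } @cols),
        join(', ', ('?') x @cols);
    return $dbh->do($sql, undef, map { $params->{$_} } @cols);
}

# Constructed sample input containing the characters that break
# hand-rolled escaping: an apostrophe and a quote-closing fragment.
my %params = (
    name  => "O'Brien",
    email => 'obrien@example.com',
    city  => "Dublin' OR '1'='1",
);
insert_params($dbh, \%params);

# Read the row back the same way: the bound value is compared literally,
# so the "OR '1'='1" fragment is just part of the stored city string.
my ($found) = $dbh->selectrow_array(
    'SELECT name FROM users WHERE city = ?', undef, $params{city});
print "matched: $found\n";

# A key that is not an allowed column is rejected before any SQL is built.
eval { insert_params($dbh, { 'name); DROP TABLE users; --' => 'x' }) };
print "rejected: $@" if $@;
```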

Replies are listed 'Best First'.
Re^2: Escaping %params
by DaisyLou (Sexton) on Jan 20, 2014 at 22:14 UTC
    You are right, and in the long run, that's what will probably be done, but that's a lot of work and testing. This is to "get us by" in the meantime.

      Not to sound like a grumpy old man, but "gets us by" is exactly how insecure systems are created and forgotten. If your goal as stated is to 'prevent SQL injection' then there is only one answer: use placeholders.
