in reply to Use placeholders. For SECURITY!
I'm sorry I missed this thread when I needed it, which is now. I hope someone finds this reply...er, question when viewing Newest Nodes. I quote from the original post:
"You have code that interpolates form data directly into the string."

Do you still need placeholders for security if you are untainting all user form input?
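CGI:

```perl
use Validate;
use strict;
use CGI qw(:standard);

# Validate the form field before it is used in SQL
my $firstname = Validate->alphanum( param( 'firstname' ) );
print "Missing or invalid first name\n" unless $firstname;

# The validated value is interpolated directly into the statement
my $stmt = "INSERT INTO tablename VALUES ('$firstname')";
# execute...
```

Module:

```perl
package Validate;

# Return the value only if it consists entirely of letters, digits, spaces or hyphens
sub alphanum {
    my ($class, $value) = @_;
    return unless $value =~ /^([A-Za-z0-9 -]*)$/;
    return "$1";
}

1;
```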
—Brad
"A little yeast leavens the whole dough."
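The two approaches in the question can be combined. The script below is an added example, not code from the post or its replies: it runs the post's alphanum check next to a looser check and binds the value with a placeholder. It assumes DBI with DBD::SQLite is installed; `name_chars`, the in-memory table and the sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Same pattern as Validate->alphanum in the post, written as a plain sub.
sub alphanum {
    my ($value) = @_;
    return unless defined $value && $value =~ /^([A-Za-z0-9 -]*)$/;
    return "$1";
}

# Hypothetical looser check: a later edit that admits apostrophes
# so that names such as O'Brien are accepted.
sub name_chars {
    my ($value) = @_;
    return unless defined $value && $value =~ /^([A-Za-z0-9 '-]*)$/;
    return "$1";
}

# Assumption: DBD::SQLite is available; in-memory database, constructed table.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE tablename (firstname TEXT)');

# The value is bound as a parameter, never spliced into the SQL text.
my $sth = $dbh->prepare('INSERT INTO tablename VALUES (?)');

# Constructed sample form values.
for my $input ('Brad', "O'Brien", 'x; y') {
    my $strict = alphanum($input);
    my $loose  = name_chars($input);
    printf "%-10s alphanum=%-8s name_chars=%s\n", $input,
        defined $strict ? 'ok' : 'rejected',
        defined $loose  ? 'ok' : 'rejected';
    next unless defined $loose;

    # Interpolating $loose into '...' would yield malformed SQL for O'Brien;
    # with the placeholder the apostrophe is stored as ordinary data.
    $sth->execute($loose);
}

my $rows = $dbh->selectcol_arrayref(
    'SELECT firstname FROM tablename ORDER BY firstname');
print "stored: $_\n" for @$rows;

undef $sth;
$dbh->disconnect;
```

With the placeholder in place, the statement stays well-formed whichever of the two validators is in use, so loosening the pattern later does not change how the SQL is built.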
Replies are listed 'Best First'.
Re: Re: Use placeholders. For SECURITY!
by tilly (Archbishop) on Dec 01, 2003 at 18:42 UTC | |
by bradcathey (Prior) on Dec 01, 2003 at 22:07 UTC |