sql injection
- Posted by Shawn Pringle Jul 13, 2008
- 727 views
There was a way Perl implementers of the DB libraries avoided SQL injection attacks. You would pass the values you were sending outside of the string:
So the statement would be passed as: insert into tablefoo values (?,?,?,?) and then for each actual execution you would send the four values as part of an argument list.
I don't know if the .e libraries allow you to do the same thing but they ought to.
Shawn
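As an added illustration of the placeholder approach described above (this is not code from the post, from Perl DBI or from the Euphoria libraries): Python's sqlite3 module uses the same ? placeholders, so string-built SQL can be shown beside the parameterized form against a constructed in-memory database. The users table, its rows and the probe input are all made up for the example.

```python
import sqlite3


def make_db():
    # Constructed sample schema: the tablefoo from the post plus a small users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tablefoo (a, b, c, d)")
    conn.execute("create table users (name text, secret text)")
    conn.executemany("insert into users values (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    conn.commit()
    return conn


def insert_rows_parameterized(conn, rows):
    # The statement text is fixed; each execution sends its four values separately,
    # so quotes or other SQL syntax inside a value are stored as plain data.
    conn.executemany("insert into tablefoo values (?,?,?,?)", rows)
    conn.commit()
    return conn.execute("select count(*) from tablefoo").fetchone()[0]


def fetch_b(conn, a):
    # Round-trip check: a value containing a quote is found when passed as a parameter.
    row = conn.execute("select b from tablefoo where a = ?", (a,)).fetchone()
    return row[0] if row else None


def lookup_concatenated(conn, name):
    # Vulnerable form: the caller's input is spliced into the SQL text, so the
    # input can change the meaning of the statement.
    sql = "select name from users where name = '" + name + "'"
    return [r[0] for r in conn.execute(sql)]


def lookup_parameterized(conn, name):
    # Safe form: the input travels outside the string and only ever matches a literal name.
    sql = "select name from users where name = ?"
    return [r[0] for r in conn.execute(sql, (name,))]
```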