sql injection


There was a way Perl implementers of the DB libraries avoided SQL injection attacks. You would pass the values you were sending outside of the string:

So the statement would be passed as: insert into tablefoo values (?,?,?,?) and then for each actual execution you would send the four values as part of an argument list.

I don't know if the .e libraries allow you to do the same thing but they ought to.

Shawn
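The pattern Shawn describes, as an added example that is not part of the original post: Python's sqlite3 driver uses the same `?` placeholder style, so the table name `tablefoo` and the four-column insert are kept, while the rows, the lookup functions and the hostile input are constructed here for illustration.

```python
import sqlite3


def make_db():
    """In-memory table with a few constructed rows (sample data, not from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tablefoo (a text, b text, c text, d text)")
    rows = [("alice", "1", "2", "3"), ("bob", "4", "5", "6"), ("carol", "7", "8", "9")]
    # The form from the post: four placeholders in the SQL, values passed separately.
    conn.executemany("insert into tablefoo values (?,?,?,?)", rows)
    return conn


def lookup_concat(conn, name):
    """Vulnerable form: the value is spliced into the SQL text, so a quote
    character inside `name` is parsed as SQL syntax rather than as data."""
    sql = "select a from tablefoo where a = '" + name + "'"
    return sorted(r[0] for r in conn.execute(sql))


def lookup_param(conn, name):
    """Safe form: the SQL text is fixed; the value travels in the argument
    list and is bound by the driver, so it can never change the statement."""
    sql = "select a from tablefoo where a = ?"
    return sorted(r[0] for r in conn.execute(sql, (name,)))


def insert_param(conn, values):
    """Parameterised insert exactly as described in the post; returns row count."""
    conn.execute("insert into tablefoo values (?,?,?,?)", values)
    return conn.execute("select count(*) from tablefoo").fetchone()[0]


def demo():
    conn = make_db()
    hostile = "nobody' or '1'='1"                    # constructed hostile input
    count = insert_param(conn, ("O'Brien", "x", "y", "z"))  # legitimate quote in data
    try:
        lookup_concat(conn, "O'Brien")              # the quote breaks the statement
        concat_quote = "parsed"
    except sqlite3.OperationalError:
        concat_quote = "syntax error"
    return {
        "concat": lookup_concat(conn, hostile),     # WHERE clause rewritten: every row leaks
        "param": lookup_param(conn, hostile),       # literal compared as a value: no match
        "quoted_ok": lookup_param(conn, "O'Brien"),  # real quote handled correctly
        "concat_quote": concat_quote,
        "count": count,
    }
```
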
