mandog has asked for the wisdom of the Perl Monks concerning the following question:
I'm working in both PHP and Perl. A PHP script takes various values from untrusted users and stores them in a sqlite database. Periodically, a perl script reads the sqlite database and inserts previously uninserted values into a mysql database on the other side of the internet.
I am limited in the chars I can deny to users.
Inserting into the mysql database, DBI placeholders are fine.
On the php side, sqlite_escape_string() seems to be the way to go. Unfortunately, there does not seem to be a sqlite_udf_decode_binary() for DBI.
Right now my plan is to use base64_encode() in PHP before storing the values in sqlite and MIME::Base64 after pulling them out of the sqlite database with perl.
Better ideas?
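The transfer step described in the question, as an added example that is not part of the original post: the Perl side reads base64 text from the staging SQLite table, decodes it with MIME::Base64, and passes it to the destination through a DBI placeholder. The table and column names (`queue`, `payload`, `sent`, `users`, `name`) are hypothetical, the sample value is constructed, and a second in-memory SQLite handle stands in for the MySQL connection so the script runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed sample input: a value an untrusted user might submit.
my $hostile = qq{Robert'); DROP TABLE users; -- "quoted" \\ text};

# Staging database (the SQLite file the PHP script writes to); in-memory here.
my $stage = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$stage->do('CREATE TABLE queue (id INTEGER PRIMARY KEY, payload TEXT, sent INTEGER DEFAULT 0)');

# Stand-in for what the PHP side stores after base64_encode() (no line breaks).
$stage->do('INSERT INTO queue (payload) VALUES (?)', undef, encode_base64($hostile, ''));

# Destination database. Assumption: a second in-memory SQLite handle stands in
# for MySQL so the example runs offline; with DBD::mysql only the DSN changes.
my $dest = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dest->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

my $select = $stage->prepare('SELECT id, payload FROM queue WHERE sent = 0 ORDER BY id');
my $insert = $dest->prepare('INSERT INTO users (name) VALUES (?)');
my $mark   = $stage->prepare('UPDATE queue SET sent = 1 WHERE id = ?');

# Fetch the pending rows first, then write, so no SELECT is open during updates.
$select->execute;
my $rows = $select->fetchall_arrayref;
for my $row (@$rows) {
    my ($id, $b64) = @$row;
    my $value = decode_base64($b64);   # raw bytes exactly as the user sent them
    $insert->execute($value);          # bound as data, never spliced into SQL text
    $mark->execute($id);               # mark as transferred
}

# The hostile string must arrive byte-for-byte and the table must still exist.
my ($stored) = $dest->selectrow_array('SELECT name FROM users WHERE id = 1');
my ($count)  = $dest->selectrow_array('SELECT COUNT(*) FROM users');
die "value altered in transit\n" unless $stored eq $hostile;
die "unexpected row count\n"     unless $count == 1;
print "stored verbatim: $stored\n";
```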
Replies are listed 'Best First'.
Re: encoding to prevent sql injection in both perl and php
by jdtoronto (Prior) on Aug 24, 2006 at 20:27 UTC
by mandog (Curate) on Aug 24, 2006 at 21:44 UTC
Re: encoding to prevent sql injection in both perl and php
by CountZero (Bishop) on Aug 24, 2006 at 22:09 UTC
by herveus (Prior) on Aug 24, 2006 at 23:45 UTC