PerlMonks  

Re: Avoid SQL injection

by marto (Cardinal)
on Jan 20, 2023 at 11:55 UTC ( #11149723=note )


in reply to Avoid SQL injection

my $from = shift || '';
my $select = shift || '';
my $where = shift || '';
....
$sql.="FROM $where ";
$sql.="WHERE $other ";

Are you sure this is your code? It reads as though you are creating SQL with a from containing the where clause. Regardless, it's messy. Bobby-tables.com has hints on placeholders/bind variables and the use of quote_identifier for identifiers etc. As a side note, what do you have against printing $!? Previously, among others.
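The two techniques named in the reply above, placeholders for values and quote_identifier for identifiers, shown together as an added example that is not part of marto's post or the original poster's code. It assumes DBD::SQLite is installed; the users table, the %allowed allowlist and the fetch_rows helper are hypothetical.

```perl
use strict;
use warnings;
use DBI;

# Constructed in-memory database so the example runs offline (assumes DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$dbh->do('INSERT INTO users (name, role) VALUES (?, ?)', undef, @$_)
    for ['alice', 'admin'], ['bob', 'user'];

# Hypothetical allowlist: the only tables and columns a caller may name.
my %allowed = (users => { map { $_ => 1 } qw(id name role) });

# Hypothetical helper: identifiers are checked and quoted, the value is bound.
sub fetch_rows {
    my ($table, $columns, $where_col, $value) = @_;
    my $cols = $allowed{$table} or die "table not allowed: $table\n";
    for my $c (@$columns, $where_col) {
        die "column not allowed: $c\n" unless $cols->{$c};
    }
    # Identifiers cannot be bound with "?", so they go through quote_identifier.
    my $sql = sprintf 'SELECT %s FROM %s WHERE %s = ?',
        join(', ', map { $dbh->quote_identifier($_) } @$columns),
        $dbh->quote_identifier($table),
        $dbh->quote_identifier($where_col);
    # The value travels separately from the SQL text as a bind parameter.
    return $dbh->selectall_arrayref($sql, undef, $value);
}

# Constructed inputs: a normal value, then one containing quote characters.
my $rows = fetch_rows('users', ['name', 'role'], 'name', 'alice');
print "matched: @$_\n" for @$rows;

$rows = fetch_rows('users', ['name'], 'name', "x' OR '1'='1");
print 'rows for value with quotes: ', scalar(@$rows), "\n";

# A column name outside the allowlist is rejected before any SQL is built.
eval { fetch_rows('users', ['name'], 'name; DROP TABLE users', 'x'); 1 }
    or print "rejected: $@";
```

The allowlist check matters as much as the quoting: quote_identifier keeps a name syntactically inert, but only the allowlist stops a caller from selecting a table or column they should not reach.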
