
Re: why is this tainted?

by Fastolfe (Vicar)
on Dec 29, 2001 at 09:13 UTC


in reply to why is this tainted?

In addition to the enormous security problems other posters have pointed out with $email, I'd also like to point out that what you're doing with $username in $sql is also very bad. Consider using bind variables here. As it's written now, I can put whatever I want into username and it will be interpreted as raw SQL, which means I can do some potentially nasty stuff with your database.
    $sth = $dbh->prepare('select x, y from z where username=?')
        or die "prepare: " . $dbh->errstr;
    $sth->execute($username)
        or die "execute: " . $dbh->errstr;
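The following is an added example, not part of the post above: it runs the post's query shape against a throwaway table, once with the value interpolated into the SQL text and once with a bind variable, so the difference in how the database treats the input is visible. It assumes DBD::SQLite is installed; the in-memory database, the sample rows, the sample inputs and the helper names `rows_interpolated` and `rows_bound` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in for the real one.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });

# Constructed sample table matching the query in the post (x, y, z, username).
$dbh->do('create table z (x text, y text, username text)');
$dbh->do('insert into z (x, y, username) values (?, ?, ?)', undef, @$_)
    for ['a1', 'b1', 'alice'], ['a2', 'b2', 'bob'];

# Value interpolated into the SQL text: the pattern the post warns about.
# Constructed here; the original $sql is not shown on this page.
sub rows_interpolated {
    my ($username) = @_;
    my $sql = "select x, y from z where username='$username'";
    return $dbh->selectall_arrayref($sql);
}

# Value passed as a bind variable, as in the post: it is only ever compared as data.
sub rows_bound {
    my ($username) = @_;
    my $sth = $dbh->prepare('select x, y from z where username=?');
    $sth->execute($username);
    return $sth->fetchall_arrayref;
}

# Constructed inputs: an ordinary name, a name containing a quote,
# and a value containing SQL syntax.
for my $input ('alice', "o'brien", "nobody' or 'a'='a") {
    my $bound  = rows_bound($input);
    my $interp = eval { rows_interpolated($input) };   # dies on a SQL error
    printf "%-22s bound=%d row(s)  interpolated=%s\n", "[$input]",
        scalar @$bound,
        defined $interp ? scalar(@$interp) . ' row(s)' : 'SQL error';
}

$dbh->disconnect;
```

The bound query only matches rows whose username equals the input exactly, while the interpolated query breaks on a legitimate name containing a quote and changes meaning when the input contains SQL.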
