PerlMonks
security question, mysql, limit, dbi, and placeholders
by powerhouse (Friar) on Apr 25, 2003 at 08:16 UTC ( [id://253089]=perlquestion )
powerhouse has asked for the wisdom of the Perl Monks concerning the following question:
I am creating a search function in my site, in which I used Perl and MySQL. I am just wondering about this....

In the search box, I am putting a popup_menu, using CGI.pm to create it, with a few variables, such as 10, 20, 40, 80, and 120 "results to show". So in my search results I am putting this code:

I am very concerned about the second limit number, since $max_recs1 is this:

$max_recs1 = param("max_rec");

So if I put it in the query itself, and someone posted to the search form a max_rec value of 100 DELETE FROM products or something like that, I don't know that it would work, but if it did, that COULD be disastrous.

So, is the code I put above ok? Because I'm getting this error:

10 is the number I selected when I tested the search.

Thank you for any tips/advice you have.

thx,
Richard

Title edit by tye
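
One way to handle the max_rec concern raised in the post, as an added example that is not part of the original thread: accept only the page sizes the menu offers, then bind both LIMIT arguments with an integer type through DBI's bind_param. The `name` column, the offset argument and the fallback of 10 are assumptions; the `products` table and the page sizes come from the post.

```perl
#!/usr/bin/perl
# Added example, not code from the original post.
use strict;
use warnings;
use DBI qw(:sql_types);    # exports SQL_INTEGER

# The only page sizes the popup_menu offers (values taken from the post).
my %ALLOWED_MAX = map { $_ => 1 } (10, 20, 40, 80, 120);
my $DEFAULT_MAX = 10;      # assumption: fall back to the smallest page size

# Return a page size that is guaranteed to be one of the menu values.
# Missing, non-numeric, or "digits followed by SQL" input gets the default.
sub safe_max_rec {
    my ($raw) = @_;
    return $DEFAULT_MAX unless defined $raw;
    # \A...\z anchors the whole string; a trailing newline does not slip through.
    return $DEFAULT_MAX unless $raw =~ /\A[0-9]{1,3}\z/;
    return $ALLOWED_MAX{$raw} ? $raw + 0 : $DEFAULT_MAX;
}

# Run the search with both LIMIT values bound as integers.
# Hypothetical names: the "name" column and the $offset argument.
sub search_products {
    my ($dbh, $term, $offset, $raw_max) = @_;
    my $max = safe_max_rec($raw_max);
    $offset = 0 unless defined $offset && $offset =~ /\A[0-9]{1,9}\z/;

    my $sth = $dbh->prepare(
        'SELECT * FROM products WHERE name LIKE ? LIMIT ?, ?');
    $sth->bind_param(1, '%' . $term . '%');
    # Typed binds: the driver sends these as numbers, not quoted strings.
    $sth->bind_param(2, $offset + 0, SQL_INTEGER);
    $sth->bind_param(3, $max,        SQL_INTEGER);
    $sth->execute;
    return $sth->fetchall_arrayref({});
}

# Constructed inputs, including the value the post worries about.
for my $raw (10, '120', '100 DELETE FROM products', '15', '', undef, "20\n") {
    my $shown = defined $raw ? $raw : '(undef)';
    $shown =~ s/\n/\\n/g;
    printf "%-28s -> %d\n", "'$shown'", safe_max_rec($raw);
}
```

Run without a database, the loop prints the page size each constructed input resolves to; search_products needs a connected $dbh.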