PerlMonks  

Re: perl (mysql) question...

by perlcgi (Hermit)
on Dec 08, 2003 at 14:07 UTC [id://313082]


in reply to perl (mysql) question...

Dear Monk,
You probably know this (at least I hope you know this), and your example was only for illustration purposes. A statement like $sql = qq{ SELECT * FROM $table{'members'} WHERE nick="$username"}; leaves you open to a SQL injection attack. What will happen if the username entered by your user is something like the following?
'john' and userPass='' or 1=1 '

I hope I'm not stating the obvious.
Moral: use placeholders.
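The contrast between interpolation and placeholders, as an added example that is not perlcgi's code or the original poster's: it builds a constructed two-row `members` table in an in-memory SQLite database (assumes DBD::SQLite is installed; the query uses single quotes around the value, which both MySQL and SQLite accept) and runs the same lookup both ways, first with an ordinary username and then with an input that closes the quoted string.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample data; DBD::SQLite is an assumption made for a
# self-contained run (the post itself is about MySQL).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE members (nick TEXT, userPass TEXT)');
$dbh->do(q{INSERT INTO members VALUES ('john', 's3cret'), ('mary', 'hunter2')});

# Vulnerable: the value is interpolated straight into the SQL text, so
# any quote characters in it become part of the statement's syntax.
sub count_interpolated {
    my ($dbh, $username) = @_;
    my $sql = qq{SELECT COUNT(*) FROM members WHERE nick='$username'};
    my ($n) = $dbh->selectrow_array($sql);
    return $n;
}

# Safe: a placeholder sends the value separately from the statement, so
# the driver treats the whole input as one literal string, quotes and all.
sub count_placeholder {
    my ($dbh, $username) = @_;
    my ($n) = $dbh->selectrow_array(
        'SELECT COUNT(*) FROM members WHERE nick = ?', undef, $username);
    return $n;
}

# An honest username matches exactly one row either way.
printf "interpolated('john') => %d rows\n", count_interpolated($dbh, 'john');
printf "placeholder('john')  => %d rows\n", count_placeholder($dbh, 'john');

# An input that breaks out of the quoted string (constructed, in the
# spirit of the post's example): the interpolated query now reads
#   ... WHERE nick='x' OR '1'='1'
# and matches every member, while the placeholder version matches none,
# because no member's nick is literally that string.
my $hostile = q{x' OR '1'='1};
printf "interpolated(hostile) => %d rows\n", count_interpolated($dbh, $hostile);
printf "placeholder(hostile)  => %d rows\n", count_placeholder($dbh, $hostile);

$dbh->disconnect;
```

With the constructed table, the first pair prints 1 and 1, and the second pair prints 2 (all rows) and 0; if a value cannot go through a placeholder (e.g. a table name), `$dbh->quote` or a whitelist is the fallback, never raw interpolation.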
