Re: perl (mysql) question... by perlcgi (Hermit)
on Dec 08, 2003 at 14:07 UTC ([id://313082])
Dear Monk,

You probably know this (at least I hope you know this), and your example was only for illustration purposes. A statement like

    $sql = qq{ SELECT * FROM $table{'members'} WHERE nick="$username"};

leaves you open to a SQL injection attack. What will happen if the username entered by your user is something like the following?

    'john' and userPass='' or 1=1 '

I hope I'm not stating the obvious.

Moral: Use placeholders
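The contrast the reply draws, as an added example that is not part of perlcgi's post: the interpolated query beside its placeholder form, run against an in-memory SQLite table so it works offline. It assumes DBD::SQLite is installed, a constructed `members` table with `nick` and `userPass` columns, and single-quoted string literals in the SQL (SQLite reads double quotes as identifiers first); the hostile input is constructed in the spirit of the post's example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database (assumes DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE members (nick TEXT, userPass TEXT)');
$dbh->do(q{INSERT INTO members VALUES ('john', 'secret1'), ('mary', 'secret2')});

# Mirrors the %table hash used in the original statement.
my %table = (members => 'members');

# Vulnerable form: the user-supplied value becomes part of the SQL text,
# so quote characters in the input change the meaning of the statement.
sub lookup_interpolated {
    my ($username) = @_;
    my $sql = qq{SELECT * FROM $table{'members'} WHERE nick='$username'};
    return $dbh->selectall_arrayref($sql);
}

# Hardened form: a placeholder keeps the value out of the SQL text entirely.
# DBI binds it as data, so quotes in the input are just characters to match.
sub lookup_placeholder {
    my ($username) = @_;
    my $sql = qq{SELECT * FROM $table{'members'} WHERE nick=?};
    return $dbh->selectall_arrayref($sql, undef, $username);
}

# Constructed hostile input, same idea as the post's "or 1=1" example.
my $hostile = q{john' OR '1'='1};

# With interpolation the WHERE clause is defeated and every member is returned;
# with a placeholder the database looks for a nick literally equal to the whole
# string and finds nothing, while an honest lookup still works.
printf "interpolated, hostile input: %d row(s)\n",
    scalar @{ lookup_interpolated($hostile) };
printf "placeholder,  hostile input: %d row(s)\n",
    scalar @{ lookup_placeholder($hostile) };
printf "placeholder,  nick 'john':   %d row(s)\n",
    scalar @{ lookup_placeholder('john') };

$dbh->disconnect;
```

The same binding applies to `$dbh->do`, `prepare`/`execute` and the `select*` helpers, so the table name from `%table` stays under program control while every user-supplied value travels through a `?`.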