Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

In addition to what the others have said, I'd like to point out a huge security hole. I've reformatted the code for clarity, but the following is logically equivalent to what you have:

my $dbh = DBI->connect( 'DBI:mysql:*********', '*****', '*****', {RaiseError => 1 , AutoCommit => 1} ) || die "Can't Connect: $!"; my $sth = $dbh->prepare(<<END_SQL); UPDATE inventory SET img="$short_name", thumb="$short_tname" WHERE partno="$img_name"; ENDSQL $sth->execute;

Never allow user to be able to send data directly to the database like this. If you do, you open yourself up to SQL injection attacks where the attacker can insert their own SQL and run it arbitrarily against the server. You can protect against this by using the $dbh->quote method on the variables before you insert them. However, a cleaner strategy is to always use placeholders:

my $sth = $dbh->prepare(<<END_SQL); UPDATE inventory SET img = ?, thumb = ? WHERE partno = ?; ENDSQL $sth->execute($short_name, $short_tname, $img_name);

Read "Placeholders and Bind Values" in the DBI documentation for more information.


New address of my CGI Course.

In reply to Re: Need help with syntax error in CGI script (security hole) by Ovid
in thread Need help with syntax error in CGI script by apariah2

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?

What's my password?
Create A New User
Domain Nodelet?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others cooling their heels in the Monastery: (4)
As of 2023-11-29 08:45 GMT
Find Nodes?
    Voting Booth?

    No recent polls found