PerlMonks
Re: Avoiding SQL insecurities by freddo411 (Chaplain)
on Jul 14, 2004 at 22:49 UTC ( [id://374463] )
Hi,
The most basic rule is that the front end UI elements must have no SQL in them, just references back to your scripts that contain the SQL. The reason for this is that these elements can be freely hacked. So instead of an HTML menu like: and then have a lookup table where you translate the value to the actual SQL.

You can accept user input for some of the values in the SQL, but you have to carefully check/filter the values (ALWAYS!!) to make sure that they don't contain nasty SQL injections. One quick and dirty way to do this is to limit inputs to alphanums only (or something more complex if needed).

Good Luck!
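The lookup-table-plus-filter approach described in the reply above, as an added example that is not part of the original post or freddo411's code: the form submits only a symbolic report key, the script maps that key to SQL it owns, and any free-form value is limited to alphanumerics and passed as a bind parameter. It assumes DBI with DBD::SQLite for a constructed in-memory database; the report keys, table and rows are constructed for the example.

```perl
#!/usr/bin/perl
# Added example (not from the original post): the HTML menu carries only
# keys such as "by_author"; the SQL lives here, never in the page.
use strict;
use warnings;
use DBI;

# Lookup table: menu value -> the actual SQL. A tampered form can only
# pick one of these entries, not supply SQL of its own.
my %REPORT_SQL = (
    by_author => 'SELECT title FROM books WHERE author = ? ORDER BY title',
    by_year   => 'SELECT title FROM books WHERE year   = ? ORDER BY title',
);

# The post's quick-and-dirty filter: alphanumerics only, bounded length.
# Trade-off: legitimate values like O'Brien are rejected too.
sub clean_alnum {
    my ($value) = @_;
    return unless defined $value && $value =~ /\A([A-Za-z0-9]{1,64})\z/;
    return $1;
}

sub run_report {
    my ($dbh, $report, $raw_value) = @_;
    my $sql = $REPORT_SQL{$report}
        or die "unknown report '$report'\n";          # not in the table: refuse
    my $value = clean_alnum($raw_value);
    die "rejected value\n" unless defined $value;     # failed the filter: refuse
    # The placeholder keeps the data out of the SQL text entirely, so the
    # filter is a second layer rather than the only defence.
    return $dbh->selectcol_arrayref($sql, undef, $value);
}

# Constructed in-memory database (assumes DBD::SQLite is installed).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE books (title TEXT, author TEXT, year INTEGER)');
$dbh->do('INSERT INTO books VALUES (?,?,?)', undef, @$_) for
    [ 'Programming Perl', 'Wall',         2000 ],
    [ 'Perl Cookbook',    'Christiansen', 2003 ];

print "$_\n" for @{ run_report($dbh, 'by_author', 'Wall') };

# Tampered requests: a key not in the table, then a value with a quote
# and semicolon that the alphanumeric filter refuses.
for my $bad ( ['drop_everything', 'Wall'], ['by_author', "O'Brien; x"] ) {
    eval { run_report($dbh, @$bad) };
    print "refused: $@" if $@;
}
```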
In Section: Seekers of Perl Wisdom