Re^4: Hacker Proofing My Script by dave_the_m (Monsignor)
on Oct 04, 2004 at 21:19 UTC ( [id://396392] )
> could it be that the placeholder-magic is faked by DBD/DBD::MySQL and that it simply relies on quoting and interpolating the placeholders? That would of course be a Bad Thing.

Not necessarily. The DBD::MySQL driver is likely to have been written by someone competent, who understands how to do the correct quoting to make it injection proof; this is in contrast to typical user-level code, which has a good chance of getting it wrong. So even faked placeholders buy you security.

Dave.
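To make the distinction in the reply above concrete, here is an added example (not code from the thread, and not the real DBD::mysql implementation): a toy model of what a client-side placeholder emulation has to do for each bound value, placed beside the naive string interpolation that user-level code tends to write. The functions `interpolate_sql`, `quote_value` and `emulate_placeholders`, the table and column names, and the input value are all constructed for the illustration; the escaping rule is deliberately simplified to backslash and single quote.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Naive interpolation: the value becomes part of the SQL text unchanged,
# so any quote character in it changes the shape of the statement.
sub interpolate_sql {
    my ($name) = @_;
    return "SELECT id FROM users WHERE name = '$name'";
}

# What a correct emulation does per value: escape the characters that can
# terminate a string literal, then wrap the result in single quotes.
# Simplified model: a real driver escapes more (NUL, newlines, etc.) and
# follows the server's rules for the active character set.
sub quote_value {
    my ($v) = @_;
    return 'NULL' unless defined $v;
    $v =~ s/([\\'])/\\$1/g;
    return "'$v'";
}

# Substitute quoted values into '?' placeholders, skipping any '?' that
# sits inside a quoted literal in the SQL template itself.
sub emulate_placeholders {
    my ($sql, @binds) = @_;
    my $out      = '';
    my $in_quote = '';
    for my $ch (split //, $sql) {
        if ($in_quote) {
            $in_quote = '' if $ch eq $in_quote;
            $out .= $ch;
        } elsif ($ch eq "'" || $ch eq '"') {
            $in_quote = $ch;
            $out .= $ch;
        } elsif ($ch eq '?') {
            die "not enough bind values\n" unless @binds;
            $out .= quote_value(shift @binds);
        } else {
            $out .= $ch;
        }
    }
    die "too many bind values\n" if @binds;
    return $out;
}

# Constructed input: a legitimate name that happens to contain a quote.
my $name = "O'Reilly";

print "interpolated: ", interpolate_sql($name), "\n";
print "emulated:     ",
      emulate_placeholders("SELECT id FROM users WHERE name = ?", $name), "\n";

# In real code, leave all of this to DBI and the driver:
#   my $sth = $dbh->prepare('SELECT id FROM users WHERE name = ?');
#   $sth->execute($name);
```

Running it shows the interpolated statement with the name's quote character left bare, so the literal ends early and the rest of the value spills into SQL, while the emulated version carries a single, correctly escaped literal. That is the whole of the reply's point: whether the placeholder is substituted on the client or bound on the server matters less than whether the quoting is done by code that gets the escaping rules right every time, and the driver is the place where that is most likely to be true.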
In Section: Seekers of Perl Wisdom