Re^3: SQL Injection myths under DBI


Keep It Simple, Stupid
	PerlMonks

Re^3: SQL Injection myths under DBI

by Jaap (Curate)

on Apr 12, 2005 at 09:46 UTC ( [id://446905]=note: print w/replies, xml )

Need Help??

in reply to Re^2: SQL Injection myths under DBI
in thread SQL Injection myths under DBI?

Insults aside, tilly makes a good point here.
You conclude that ONLY the ' is a problem because you could not find a problem with any other character/sequence.
Now if anyone else finds a problem with any other character you are screwed.
Generally speaking, it is better to ALLOW characters that you know are safe (whitelisting) than to DISALLOW characters that you know are unsafe.

Comment on Re^3: SQL Injection myths under DBI

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://446905]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others admiring the Monastery: (3)

As of 2024-04-25 12:49 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found