PerlMonks  

Re: encoding to prevent sql injection in both perl and php

by jdtoronto (Prior)
on Aug 24, 2006 at 20:27 UTC ( [id://569444]=note )


in reply to encoding to prevent sql injection in both perl and php

Given that you seem to be talking about binary values, what are you storing?

The sqlite_escape_string() function probably does much the same as the quote method in DBI, which of course is really supplanted by using placeholders.

If you need true binary capability then MIME::Base64 is probably as good as anything. But it seems you really only want escaped values. Try writing the escaped version into SQLite and see what DBI reads back!

jdtoronto

Replies are listed 'Best First'.
Re^2: encoding to prevent sql injection in both perl and php
by mandog (Curate) on Aug 24, 2006 at 21:44 UTC

    I'm storing text, name, address, phone, etc, plus whatever null bytes and other naughtiness the world gives me. I do just need to escape stuff, but I need (want?) to do it in a consistent, documented, predictable way.

    I am loath to just try it, as the effort of using MIME encoding is less than the effort of developing a validation suite. :->
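
The round-trip check discussed in this thread, as an added example that is not code from either poster: it writes awkward values to SQLite through DBI placeholders and through MIME::Base64, then compares what comes back. It assumes DBD::SQLite is installed; the table name, column names and sample strings are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): round-trip hostile input through
# SQLite using DBI placeholders, with Base64 as the binary-safe alternative.
use strict;
use warnings;
use DBI qw(:sql_types);
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed sample inputs: quotes, an injection-shaped string, NUL bytes.
my @samples = (
    "O'Brien",
    q{x'); DROP TABLE contact; --},
    "line1\nline2\\ \"quoted\"",
    "null\0byte\0inside",
);

# Hypothetical schema: one raw column and one Base64 column per value.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE contact (id INTEGER PRIMARY KEY, raw BLOB, b64 TEXT)');

my $ins = $dbh->prepare('INSERT INTO contact (raw, b64) VALUES (?, ?)');
for my $value (@samples) {
    # Bound values travel separately from the SQL text, so no escaping
    # is applied or needed. SQL_BLOB keeps embedded NUL bytes intact.
    $ins->bind_param(1, $value, SQL_BLOB);
    # Base64 column: plain ASCII, decodable with PHP's base64_decode() too.
    $ins->bind_param(2, encode_base64($value, ''));
    $ins->execute;
}

my $rows = $dbh->selectall_arrayref('SELECT raw, b64 FROM contact ORDER BY id');
my $failures = 0;
for my $i (0 .. $#samples) {
    my ($raw, $b64) = @{ $rows->[$i] };
    # Both storage forms must give back the exact original bytes.
    my $ok = $raw eq $samples[$i] && decode_base64($b64) eq $samples[$i];
    $failures++ unless $ok;
    printf "%-4s sample %d (%d bytes)\n", $ok ? 'ok' : 'FAIL', $i, length $samples[$i];
}

# The table must still exist: the injection-shaped sample was stored as data.
my ($count) = $dbh->selectrow_array('SELECT COUNT(*) FROM contact');
print "rows stored: $count\n";
$dbh->disconnect;
exit($failures ? 1 : 0);
```

The script exits non-zero if any value fails to round-trip, so it can serve as the seed of a validation suite for whichever encoding is chosen.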
