
Re^2: encoding to prevent sql injection in both perl and php

by herveus (Parson)
on Aug 24, 2006 at 23:45 UTC


in reply to Re: encoding to prevent sql injection in both perl and php
in thread encoding to prevent sql injection in both perl and php

Howdy!

As I read mandog's description, I see the SQLite data store being used as a simple, asynchronous transfer mechanism for getting user input from the PHP to the Perl. Clearly, the Perl side needs to Do Things To The Data along the lines of untainting it (in effect), as the data in SQLite is unfiltered.

Base 64 encoding should be a portable scheme for encoding in PHP and decoding in Perl for closer examination. Once it is encoded, there will be only printable characters, and none of them will be single-quotes. Thus, running it through sqlite_escape_string will not do anything to the string.

yours,
Michael
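
An added example, not part of the post above: one way the Perl side could decode and check a field, assuming the PHP side stored it with `base64_encode()`. The helper name `decode_field`, the allowlist pattern and the sample rows are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Hypothetical helper: validate and decode one field read from the
# transfer store. Returns the decoded value, or undef when the field is
# not well-formed Base64 or the decoded value fails the allowlist.
sub decode_field {
    my ($encoded, $allow_re) = @_;
    return unless defined $encoded;

    # decode_base64() silently skips characters outside the alphabet,
    # so check the shape first: groups of four, optional final padding.
    return unless $encoded =~
        m!\A(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\z!;

    my $raw = decode_base64($encoded);

    # The decoded bytes are still unfiltered user input. Accept only what
    # matches the allowlist; the capture is what untaints under -T.
    return $raw =~ /\A($allow_re)\z/ ? $1 : undef;
}

# Constructed sample rows. encode_base64($s, "") yields the same
# single-line output as PHP's base64_encode().
my @rows = (
    encode_base64("O'Brien", ""),       # quote exists only in the raw value
    encode_base64("bad;value\n", ""),   # valid Base64, fails the allowlist
    "TydCcmllbg=='",                    # stray quote: not Base64 at all
);

# Assumed allowlist for a name field (adjust per field).
my $name_re = qr/[A-Za-z][A-Za-z' -]{0,63}/;

for my $enc (@rows) {
    my $val = decode_field($enc, $name_re);
    printf "%-20s => %s\n", $enc,
        defined $val ? "accepted: $val" : "rejected";
}
```

Base64 only makes the stored form quote-free; a decoded value such as `O'Brien` still contains the quote, so any later SQL that uses it should bind it through DBI placeholders rather than string interpolation.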
