Re: Preventing malicious T-SQL injection attacks
by davorg (Chancellor) on Mar 05, 2007 at 12:54 UTC
I second the idea of whitelisting the acceptable values for $SPROC and also using placeholders to insert the elements of @CHOICE into the SQL. Combining the two ideas might give something like this:
This code also has the advantage of dying if the number of elements in @CHOICE doesn't match the expected number of parameters.
-- "The first rule of Perl club is you do not talk about Perl club." -- Chip Salzenberg
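The combination described in the reply above, written out as an added example (not davorg's original code, which is not reproduced on this page): the stored procedure name is checked against a whitelist and only the trusted copy of the name is interpolated, every element of @CHOICE is bound through a DBI placeholder, and the call dies when the number of elements does not match what the procedure expects. The procedure names and parameter counts in %ALLOWED, the helper names `build_exec` and `run_sproc`, and the DSN are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Whitelist of callable stored procedures and the number of parameters
# each one takes. Names and counts are illustrative placeholders.
my %ALLOWED = (
    usp_GetCustomer => 1,
    usp_FindOrders  => 2,
);

# Build "EXEC <sproc> ?, ?, ..." for a whitelisted procedure, or die.
# Returns the SQL text; the caller binds @choice at execute time.
sub build_exec {
    my ($sproc, @choice) = @_;

    # Look the name up in the whitelist and keep the *hash key*, not the
    # caller's string, so the text we interpolate never came from input
    # (this also keeps the value untainted under perl -T).
    my ($name) = grep { $_ eq $sproc } keys %ALLOWED;
    die "Refusing to call unknown stored procedure '$sproc'\n"
        unless defined $name;

    my $expected = $ALLOWED{$name};
    die sprintf("%s expects %d parameter(s), got %d\n",
                $name, $expected, scalar @choice)
        unless @choice == $expected;

    # One placeholder per parameter; the values themselves are never
    # concatenated into the statement.
    my $params = join ', ', ('?') x $expected;
    return "EXEC $name $params";
}

# Prepare and execute the call, binding @choice to the placeholders.
sub run_sproc {
    my ($dbh, $sproc, @choice) = @_;
    my $sql = build_exec($sproc, @choice);
    my $sth = $dbh->prepare($sql);
    $sth->execute(@choice);
    return $sth;
}

# Demonstration of the checks without a live database connection.
print build_exec('usp_FindOrders', 42, 'open'), "\n";   # EXEC usp_FindOrders ?, ?

for my $bad (['usp_FindOrders', 42],                    # wrong parameter count
             ["usp_GetCustomer; DROP TABLE x", 1]) {    # not in the whitelist
    eval { build_exec(@$bad) };
    print "rejected: $@" if $@;
}

# With a real handle the call would look like this (DSN is a placeholder):
#   my $dbh = DBI->connect('dbi:ODBC:DSN=YourServer', $user, $pass,
#                          { RaiseError => 1 });
#   my $sth = run_sproc($dbh, $SPROC, @CHOICE);
#   while (my $row = $sth->fetchrow_hashref) { ... }
```

Keeping the whitelist as a hash of name to parameter count means a single lookup both authorises the procedure and supplies the count used for the placeholder check, so a caller cannot pass an unexpected extra argument even for a legitimate procedure.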
In Section: Seekers of Perl Wisdom