PerlMonks  

Re: Preventing SQL injection attacks: are -T and placeholders not enough?

by starX (Chaplain)
on Jan 09, 2008 at 04:41 UTC [id://661254]


in reply to Preventing SQL injection attacks: are -T and placeholders not enough?

It's not to prevent injection attacks per se, but in an app I'm working on now, everything gets passed through a s/'//g to prevent any accidental SQL interpretation. That should take care of any single quotes, and coupled with using placeholders, I can't think of how anything would get through.

Then again, it's getting late and my imagination is a little tired :)

Update: Maybe I should have clarified that it's a pretty specific environment where single quote characters shouldn't exist, per client instructions.

Re^2: Preventing SQL injection attacks: are -T and placeholders not enough?
by dsheroh (Monsignor) on Jan 09, 2008 at 07:14 UTC
    If youre going to strip out apostrophes, then youd probably better also make sure that its set up so the users know they cant (or at least theyre not allowed to) use any contractions. While youre at it, dont forget to make it clear that any possessives in the users input will also be damaged.
Re^2: Preventing SQL injection attacks: are -T and placeholders not enough?
by perrin (Chancellor) on Jan 09, 2008 at 05:29 UTC
    Don't do that. Use placeholders. They handle this for you.
Re^2: Preventing SQL injection attacks: are -T and placeholders not enough?
by parv (Parson) on Jan 09, 2008 at 04:47 UTC
    Hopefully your inputs are not addresses, names, plain old text and such.
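To make the replies concrete, here is an added example (not from any poster) contrasting the s/'//g approach with DBI placeholders on names that legitimately contain apostrophes. It assumes DBD::SQLite is installed and uses an in-memory database with constructed sample names.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; :memory: keeps the example self-contained.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

# Constructed sample input: ordinary names that happen to contain apostrophes.
my @names = ("O'Brien", "D'Angelo", "it's a name");

# The approach from the post: strip apostrophes before anything else.
sub strip_quotes { my $s = shift; $s =~ s/'//g; return $s }

# Placeholders: DBI passes each value separately from the SQL text, so the
# apostrophe is stored as data and never parsed as SQL syntax.
my $ins = $dbh->prepare('INSERT INTO users (name) VALUES (?)');
$ins->execute($_) for @names;

# Looking the names up, again via a placeholder, matches exactly and only the
# rows that were inserted; no quoting or stripping is required.
my $sel = $dbh->prepare('SELECT COUNT(*) FROM users WHERE name = ?');
for my $name (@names) {
    $sel->execute($name);
    my ($hits) = $sel->fetchrow_array;
    printf "placeholder lookup for %-12s -> %d row(s)\n", "'$name'", $hits;

    # dsheroh's point: the stripped form no longer matches what the user typed.
    my $stripped = strip_quotes($name);
    $sel->execute($stripped);
    my ($stripped_hits) = $sel->fetchrow_array;
    printf "after s/'//g it becomes  %-12s -> %d row(s)\n", "'$stripped'", $stripped_hits;
}

$dbh->disconnect;
```

Each original name is found exactly once through the placeholder, while the stripped versions ("OBrien", "DAngelo", "its a name") match nothing, which is the data damage the replies warn about.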
