Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite


The stupid question is the question not asked
	PerlMonks

Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

by olus (Curate)

on Jan 09, 2008 at 18:48 UTC ( [id://661449]=note: print w/replies, xml )

Need Help??

in reply to Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

Ran your code for an Oracle 10g and got the same results.

my $dbh =  DBI->connect('dbi:Oracle:', 'usr/pass@service_name', '') or
+ die DBI->errstr;

 ....

Connected OK to Oracle.
Clear out existing data from the test table ..
Add (44,Some benign text) to the test table ..
Add (55,Just regular data) to the test table ..
Add (66,Evil data');DELETE FROM jobs;) to the test table ..
Dump out the result.
'44', 'Some benign text'
'55', 'Just regular data'
'66', 'Evil data');DELETE FROM jobs;'
3 rows
[download]

Comment on Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite Download Code

Replies are listed 'Best First'.
Re^2: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite by talexb (Chancellor) on Jan 09, 2008 at 18:53 UTC
Excellent!!! Thanks for doing that. Anyone else? Alex / talexb / Toronto "Groklaw is the open-source mentality applied to legal research" ~ Linus Torvalds	[reply]

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://661449]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others making s'mores by the fire in the courtyard of the Monastery: (4)

As of 2024-04-19 17:37 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found