http://qs321.pair.com?node_id=799797

grashoper has asked for the wisdom of the Perl Monks concerning the following question:

I was trying to come up with a regex to fix er block (SQL injection); not sure how to write this properly. Should I be doing this in the form validation code (since this is a loginbox() process), or is it better practice to fix it in the SQL itself? I am really horrendous with regexes.

    #want/need to add something to $user to test if its invalid
    #input
    #next if $User(/^"*^';&<>()/);
    #$User.'.'.';
    #$Response->Write("Invalid Input");
    my $sql = "SELECT Name, UserID, Passwd, Class FROM Users WHERE UserID='$User';";
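
One way to handle both halves of the question, as an added example that is not part of the original post: check the login name against an allow-list in the form code, and pass it to the database as a bound placeholder instead of interpolating it into the SQL string. It assumes DBI with DBD::SQLite and a constructed in-memory stand-in for the Users table (the question does not say which database interface is in use); the ID pattern and the function names valid_user_id and lookup_user are hypothetical.

```perl
use strict;
use warnings;
use DBI;

# Constructed in-memory table standing in for the Users table in the question.
# DBD::SQLite is an assumption; any DBI driver takes the same placeholders.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE Users (Name TEXT, UserID TEXT, Passwd TEXT, Class TEXT)');
$dbh->do('INSERT INTO Users VALUES (?, ?, ?, ?)', undef,
    'Alice Example', 'alice', 'stored-hash-placeholder', 'user');

# Assumed policy: a UserID is 1 to 32 letters, digits, dots, dashes or
# underscores. This is an allow-list: input that does not match is rejected
# outright, nothing is stripped or escaped.
sub valid_user_id {
    my ($id) = @_;
    return defined $id && $id =~ /\A[A-Za-z0-9_.-]{1,32}\z/;
}

# The value is sent to the driver separately from the SQL text, so quotes in
# $user cannot change the structure of the statement.
sub lookup_user {
    my ($dbh, $user) = @_;
    return unless valid_user_id($user);
    my $sth = $dbh->prepare(
        'SELECT Name, UserID, Passwd, Class FROM Users WHERE UserID = ?');
    $sth->execute($user);
    my $row = $sth->fetchrow_hashref;
    $sth->finish;
    return $row;
}

# Constructed inputs: one normal ID and two containing SQL metacharacters.
for my $input ('alice', q{alice' OR '1'='1}, q{x'; --}) {
    my $row = lookup_user($dbh, $input);
    printf "%-20s => %s\n", $input,
        $row ? "found $row->{Name}" : 'rejected or no match';
}

# Placeholder alone, validation skipped: the quote-laden string is compared
# as a literal UserID value and matches no row.
my ($count) = $dbh->selectrow_array(
    'SELECT COUNT(*) FROM Users WHERE UserID = ?', undef, q{alice' OR '1'='1});
print "placeholder-only match count: $count\n";
```

The placeholder is what prevents injection; the regex check is a second layer that gives the form a clean "Invalid Input" path and keeps malformed names out of logs and later queries.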