http://qs321.pair.com?node_id=842129


in reply to RFC:Tutorial: Using jQuery, Json, and Perl for Web development

Great end-to-end example, with at least problem. In record, you are escaping the values in the query that you're constructing, but not the keys. That opens the door to an injection attack.