PerlMonks  

Re: Safety of concatenating query string

by roboticus (Chancellor)
on Jun 23, 2011 at 17:10 UTC


in reply to Safety of concatenating query string

bradcathey:

If your program is the source of the column names, then there shouldn't be a concern. You typically have problems with SQL-injection issues when a third-party can put in bits of code that can mess up the database. For example, in your first case, your program is supplying the names, so you don't have to worry. But if it were more like:

my $sort_by = <>;
my $stmt = 'SELECT * FROM time_sheet WHERE user_id=? ORDER BY ' . $sort_by;

Then you're opening the door for someone to hose your database.

...roboticus

When your only tool is a hammer, all problems look like your thumb.
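The distinction drawn above (names supplied by the program are fine, names supplied by a third party are not) is usually handled with a whitelist: the caller picks a key, the program maps it to a column name it owns, and only then does the name get concatenated into ORDER BY. The following is an added example, not roboticus's or bradcathey's code; it assumes DBD::SQLite is installed and uses a constructed time_sheet table with made-up rows.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed schema and sample rows for this example; the real time_sheet
# table from the thread will look different.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE time_sheet (id INTEGER PRIMARY KEY, user_id INTEGER, task TEXT, hours REAL)');
my $ins = $dbh->prepare('INSERT INTO time_sheet (user_id, task, hours) VALUES (?, ?, ?)');
$ins->execute(@$_) for ([7, 'review', 2.5], [7, 'coding', 6], [8, 'coding', 1]);

# Whitelist: the only ORDER BY fragments this program will ever emit.
# Keys are what a caller may ask for; values are column names the program owns.
my %sort_columns = (
    task  => 'task',
    hours => 'hours',
    id    => 'id',
);
my %sort_dirs = (asc => 'ASC', desc => 'DESC');

# Returns an executed statement handle, or dies if the requested sort is
# not on the whitelist. Nothing from $sort_by or $dir reaches the SQL text;
# only the program's own lookup result does.
sub fetch_time_sheet {
    my ($dbh, $user_id, $sort_by, $dir) = @_;
    my $col = $sort_columns{ lc($sort_by // 'id') }
        or die "refusing unknown sort column '$sort_by'\n";
    my $ord = $sort_dirs{ lc($dir // 'asc') }
        or die "refusing unknown sort direction '$dir'\n";
    # $col and $ord come from the hashes above, so this concatenation is the
    # "program supplies the names" case; the user_id still goes in via a placeholder.
    my $sth = $dbh->prepare(
        'SELECT task, hours FROM time_sheet WHERE user_id = ? ORDER BY '
        . $dbh->quote_identifier($col) . " $ord");
    $sth->execute($user_id);
    return $sth;
}

# Normal use: user 7, sorted by hours, largest first.
my $sth = fetch_time_sheet($dbh, 7, 'hours', 'desc');
while (my ($task, $hours) = $sth->fetchrow_array) {
    print "$task\t$hours\n";
}

# Anything not on the list (whether it came from <>, a form field or a URL)
# is rejected before a statement is ever prepared.
eval { fetch_time_sheet($dbh, 7, 'hours; not a column', 'asc') };
print "rejected: $@" if $@;
```

The hash lookup is the whole defence: a value that is not a key yields undef and the sub dies, so there is no need to try to escape or sanitise the text. quote_identifier is used only so that the emitted column name is quoted the way the driver expects, not as a substitute for the whitelist.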

Re^2: Safety of concatenating query string
by bradcathey (Prior) on Jun 24, 2011 at 19:16 UTC

    Thanks for the reassurance all. Good to know.

    —Brad
    "The important work of moving the world forward does not wait to be done by perfect men." George Eliot
