Over on Re^6: Splitting the records into multiple worksheets, hippo pointed out the error of my ways and I have been going through some code that's being produced to implement placeholders. Can I please check that I am now on the right lines and doing things better...
I had this line of code...
$dbh->do("INSERT INTO Web_Page SET template = '$request', test = '$test', source = '$data{'source'}', Visitor_idVisitor = $cookie{'_ls_visit'}") unless $$vars{'testpage'};
All the variables are generated within the code except $data{'source'}, which is derived from the HTTP query string and therefore potentially unsafe.
I have replaced that line of code with this...
unless ($vars->{'testpage'}) {
    my $query = $dbh->prepare("INSERT INTO Web_Page SET template = '$request', test = '$test', source = ?, Visitor_idVisitor = $cookie{'_ls_visit'}");
    $query->execute($data{'source'});
}
Is that the best approach or should I be using placeholders for every variable, even those I have declared and therefore know are safe?
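The version below is an added example, not the poster's code, showing the "placeholders for every value" approach the question is weighing. It binds all four columns, not just source: the SQL text then contains nothing from the program or the request, so it can be prepared once and reused, and there is no longer a judgement call about which variables are safe. Note in particular that $cookie{'_ls_visit'} in the original is supplied by the client's request just as the query string is. To run stand-alone it uses an in-memory SQLite database through DBD::SQLite (an assumption; the poster targets MySQL, whose INSERT ... SET form is non-standard, so the portable INSERT ... (columns) VALUES (...) form is used). The table definition is assumed from the column names in the post, and the sample rows are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Added example, not the original poster's code. In-memory SQLite via
# DBD::SQLite so it runs stand-alone; the table layout is assumed from
# the column names in the post.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do(<<'SQL');
CREATE TABLE Web_Page (
    template          TEXT NOT NULL,
    test              TEXT,
    source            TEXT,
    Visitor_idVisitor INTEGER
)
SQL

# One placeholder per value, for every value. The SQL text is now a
# constant: nothing from the request (query string, cookie) or from the
# program's own variables is ever pasted into it, so the statement is
# prepared once and executed for each row.
my $insert = $dbh->prepare(q{
    INSERT INTO Web_Page (template, test, source, Visitor_idVisitor)
    VALUES (?, ?, ?, ?)
});

# Same guard as the poster's "unless testpage". Returns the row count
# reported by execute (1 on success) or undef when the insert is skipped.
sub record_page_view {
    my (%row) = @_;
    return if $row{testpage};
    return $insert->execute(@row{qw(template test source visitor)});
}

# Constructed inputs. The third "source" is the shape of value the
# interpolated version mishandled: against
#   source = '$data{'source'}', Visitor_idVisitor = $cookie{'_ls_visit'}
# it closes the quote, supplies its own Visitor_idVisitor, and the
# trailing "--" comments out the genuine one. Bound through a
# placeholder it is simply stored verbatim as a string.
my @requests = (
    { template => 'home',  test => 'A', source => 'google',      visitor => 42 },
    { template => 'about', test => 'B', source => q{it's a ref}, visitor => 43 },
    { template => 'home',  test => 'A',
      source   => q{x', Visitor_idVisitor = 1 -- }, visitor => 44 },
    { template => 'home',  test => 'A', source => 'bing',        visitor => 45,
      testpage => 1 },   # skipped, like the original
);

record_page_view(%$_) for @requests;

# Three rows come back; row 44 still has source stored as the literal text.
my $rows = $dbh->selectall_arrayref(
    'SELECT template, source, Visitor_idVisitor FROM Web_Page ORDER BY rowid',
    { Slice => {} },
);
printf "%-3d %-6s %s\n", @{$_}{qw(Visitor_idVisitor template source)} for @$rows;

$dbh->disconnect;
```

Run it with perl after installing DBD::SQLite from CPAN. The design point is that binding every value costs nothing and removes the need to audit which variables are "known safe" each time the statement is edited; the driver also handles quoting and typing, so a numeric visitor id and a string containing a quote are both passed without any escaping in the Perl code.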