Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??
Here is a script I made to do database inserts. Should I limit the amount of data that can be posted to prevent buffer overflows? I guess that there shouldn't be anymore than 30,000 characters in the text area so I was figuring using $CGI::POST_MAX = 30000. I did this assuming that 30,000 ASCII characters assuming that 1 ASCII character is 1 byte.

Also I think my query is immune from SQL injection attacks. Is it? 

#!/usr/bin/perl -wT

use DBI;
use strict;
use CGI;
$CGI::POST_MAX = 30000;
use POSIX 'strftime';

my $q = CGI->new();

my $id =             $q->param ('id');
my $other_comments = $q->param ('other_comments');

my $date = strftime( "%m/%d/%Y",localtime(time) ); 

##Start database connections##########################
my $database = "database";
my $db_server = "localhost";
my $user = "user";
my $password = "password";

##Connect to database, insert statement, & disconnect##
my $dbh = DBI->connect("DBI:mysql:$database:$db_server", $user, $passw
+ord);

my $statement = "INSERT INTO database (id1, comnt, date1) VALUES (?,?,
+?)";

my $sth;
$sth = $dbh->prepare($statement) or die "Couldn't prepare the query: $
+sth->errstr";

my $rv = $sth->execute($id,$other_comments,$date) or die "Couldn't exe
+cute query: $dbh->errstr";

my $rc = $sth->finish;
   $rc = $dbh->disconnect;
#######################################################

print "Content-type: text/html\n\n";

print $date;

[download]

In reply to Hacker Proofing My Script by awohld

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others romping around the Monastery: (1)
As of 2024-04-18 23:46 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found