Here is a script I made to do database inserts. Should I limit the amount of data that can be posted to prevent buffer overflows? I guess that there shouldn't be anymore than 30,000 characters in the text area so I was figuring using $CGI::POST_MAX = 30000. I did this assuming that 30,000 ASCII characters assuming that 1 ASCII character is 1 byte.
Also I think my query is immune from SQL injection attacks. Is it?
#!/usr/bin/perl -wT
use DBI;
use strict;
use CGI;
$CGI::POST_MAX = 30000;
use POSIX 'strftime';
my $q = CGI->new();
my $id = $q->param ('id');
my $other_comments = $q->param ('other_comments');
my $date = strftime( "%m/%d/%Y",localtime(time) );
##Start database connections##########################
my $database = "database";
my $db_server = "localhost";
my $user = "user";
my $password = "password";
##Connect to database, insert statement, & disconnect##
my $dbh = DBI->connect("DBI:mysql:$database:$db_server", $user, $passw
+ord);
my $statement = "INSERT INTO database (id1, comnt, date1) VALUES (?,?,
+?)";
my $sth;
$sth = $dbh->prepare($statement) or die "Couldn't prepare the query: $
+sth->errstr";
my $rv = $sth->execute($id,$other_comments,$date) or die "Couldn't exe
+cute query: $dbh->errstr";
my $rc = $sth->finish;
$rc = $dbh->disconnect;
#######################################################
print "Content-type: text/html\n\n";
print $date;
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|