
I second tilly's opinion that what you are saying is plainly wrong, and here are a few points that you should consider:

  • my $sth = $dbh->prepare ("select username, password from users where sid='?';" )

    That is simply wrong.
    Placeholders must not be quoted. A placeholder means "leave it to the database driver to deal with any quoting business."

  • this solution will cost you a hell of a lot of work if you like the simplicity of the do() method and have used it all over your code
    What's wrong with using the do() method with placeholders?
    $dbh->do("INSERT INTO table (id, name) values (?, ?)", undef, $id, $name);
  • But what I could conclude, after a lot of thinking and, most of all, after testing all the supposedly harmful examples in my little script, is that the only problem is the single quote
    That depends on the database you are using, and you should not be concerned about this matter, if you care to use the $dbh->quote method, which you should go and read in the docs.

The bottom line: I am afraid you don't know what you are talking about. Please read the docs more carefully.

In reply to Re: SQL Injection myths under DBI by dbwiz
in thread SQL Injection myths under DBI? by Andre_br
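The three points above side by side, as an added example that is not part of the thread or of DBI's own documentation: a quoted "placeholder" is just a string literal and the bind value is rejected, a real placeholder (via do(), prepare/execute or the select* shortcuts) keeps a hostile value as data, and $dbh->quote gives driver-specific quoting for the rare case where a value must be interpolated. It assumes DBD::SQLite is installed; the in-memory database, the users table and its rows are constructed for the demo.

```perl
#!/usr/bin/env perl
# Added example (not from the original thread). Assumes DBD::SQLite;
# the in-memory database, table and rows below are constructed for
# this demonstration.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do("CREATE TABLE users (sid TEXT, username TEXT, password TEXT)");

# do() with placeholders: the driver binds the values, no quoting by hand,
# and an embedded single quote in the data needs no special care.
my @rows = (
    [ "abc123", "alice", "s3cret"  ],
    [ "o'neil", "bob",   "hunter2" ],
);
$dbh->do("INSERT INTO users (sid, username, password) VALUES (?, ?, ?)",
    undef, @$_) for @rows;

# 1. Quoted "placeholder": '?' is a string literal, so there is nothing
#    to bind to and execute() fails with a bind-count error (RaiseError
#    turns that into a die, which eval catches here).
my $sth = $dbh->prepare(
    "SELECT username, password FROM users WHERE sid = '?'");
eval { $sth->execute("abc123"); 1 }
    or print "quoted placeholder rejected: $@";

# 2. Real placeholder: a classic injection payload stays a plain string
#    and matches no sid, regardless of the database's quoting rules.
my $attack = "abc123' OR '1'='1";
my $hits = $dbh->selectall_arrayref(
    "SELECT username, password FROM users WHERE sid = ?", undef, $attack);
printf "placeholder: %d row(s) match the injected sid\n", scalar @$hits;

my ($user) = $dbh->selectrow_array(
    "SELECT username FROM users WHERE sid = ?", undef, "o'neil");
print "placeholder with a quote in the data finds user: $user\n";

# 3. $dbh->quote: when interpolation is unavoidable, let the driver quote
#    the value according to the rules of the database actually in use.
my $quoted = $dbh->quote($attack);
my ($n) = $dbh->selectrow_array(
    "SELECT COUNT(*) FROM users WHERE sid = $quoted");
print "quote() produced $quoted and matched $n row(s)\n";

$dbh->disconnect;
```

Run it with `perl` after installing DBD::SQLite. The first query never runs, the second returns no rows for the injected sid but does find the user whose sid contains a quote, and the third shows the quoted literal the driver built, with the embedded quotes escaped in the way this particular driver requires.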
