PerlMonks
I'm working in both PHP and Perl. A PHP script takes various values from untrusted users and stores them in a sqlite database. Periodically, a perl script reads the sqlite database and inserts previously uninserted values into a mysql database on the other side of the internet.

I am limited in the chars I can deny to users. Inserting into the mysql database, DBI placeholders are fine. On the php side, sqlite_escape_string() seems to be the way to go. Unfortunately, there does not seem to be a sqlite_udf_decode_binary() for DBI.

Right now my plan is to use base64_encode() in PHP before storing the values in sqlite and MIME::Base64 after pulling them out of the sqlite database with perl. Better ideas?

In reply to encoding to prevent sql injection in both perl and php by mandog
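
The Perl half of the plan described in the post, as an added example that is not part of the original post: rows that PHP stored base64-encoded are decoded with MIME::Base64 and passed to the destination through DBI placeholders. The table and column names are hypothetical, and in-memory SQLite databases (DBD::SQLite) stand in for both the staging file and the remote MySQL server so the script runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI qw(:sql_types);
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed sample input standing in for untrusted user values.
my @samples = ("O'Reilly", "x'); DROP TABLE queue; --", "bin\x00ary\xff bytes");

# Staging store. An in-memory SQLite database stands in for the file PHP writes.
my $stage = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$stage->do('CREATE TABLE queue (id INTEGER PRIMARY KEY, val_b64 TEXT NOT NULL,
                                sent INTEGER NOT NULL DEFAULT 0)');

# Stand-in for PHP's base64_encode(); the '' argument suppresses line breaks.
my $ins = $stage->prepare('INSERT INTO queue (val_b64) VALUES (?)');
$ins->execute(encode_base64($_, '')) for @samples;

# Destination. A second in-memory SQLite database stands in for MySQL.
my $dest = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dest->do('CREATE TABLE submissions (id INTEGER PRIMARY KEY, val BLOB)');

my $put  = $dest->prepare('INSERT INTO submissions (id, val) VALUES (?, ?)');
my $mark = $stage->prepare('UPDATE queue SET sent = 1 WHERE id = ?');
my $b64  = qr{\A(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\z};

# Fetch every pending row first so the UPDATE does not run under an open cursor.
my $rows = $stage->selectall_arrayref(
    'SELECT id, val_b64 FROM queue WHERE sent = 0 ORDER BY id');
for my $row (@$rows) {
    my ($id, $enc) = @$row;
    # decode_base64() silently skips characters outside the alphabet, so
    # reject anything that is not strict base64 before decoding.
    if ($enc !~ $b64) { warn "row $id: not valid base64, skipped\n"; next; }
    $put->bind_param(1, $id);
    $put->bind_param(2, decode_base64($enc), SQL_BLOB);   # bound, never interpolated
    $put->execute;
    $mark->execute($id);
}

# Check that each value arrived byte for byte and was marked as sent.
my $got = $dest->selectcol_arrayref('SELECT val FROM submissions ORDER BY id');
for my $i (0 .. $#samples) {
    die "value $i did not round-trip\n" unless $got->[$i] eq $samples[$i];
}
my ($left) = $stage->selectrow_array('SELECT COUNT(*) FROM queue WHERE sent = 0');
print scalar(@$got), " values copied, $left pending\n";
```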