grashoper has asked for the wisdom of the Perl Monks concerning the following question:
I was trying to come up with a regex to fix er block (SQL injection); not sure how to write this properly. Should I be doing this in the form validation code (since this is a loginbox() process) or is it better practice to fix it in the SQL itself? I am really horrendous with regexes.
```perl
#want/need to add something to $user to test if its invalid
#input
#next if $User(/^"*^';&<>()/);
#$User.'.'.';
#$Response->Write("Invalid Input");
# $User is interpolated directly into the SQL text here
my $sql = "SELECT Name, UserID, Passwd, Class FROM Users WHERE UserID='$User';";
```
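The two options raised in the question, side by side, as an added example that is not part of the original post: an allow-list regex for form validation and a DBI placeholder for the query itself. The in-memory SQLite database (needs DBD::SQLite), the sample rows, the helper names `valid_user_id` and `lookup_user`, and the permitted character set are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database stands in for the real one,
# so the example runs offline. Requires DBD::SQLite.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed sample data using the column names from the question.
$dbh->do('CREATE TABLE Users (Name TEXT, UserID TEXT PRIMARY KEY, Passwd TEXT, Class TEXT)');
$dbh->do('INSERT INTO Users VALUES (?, ?, ?, ?)', undef,
    'Alice Example', 'alice', 'placeholder-hash', 'admin');

# Hypothetical allow-list for form validation: name the characters a user ID
# may contain, anchored with \A and \z, rather than listing forbidden ones.
sub valid_user_id {
    my ($user) = @_;
    return defined $user && $user =~ /\A[A-Za-z0-9_.-]{1,32}\z/;
}

# The ? placeholder passes the value separately from the SQL text, so a quote
# in $user is compared as data and cannot change the statement's structure.
sub lookup_user {
    my ($dbh, $user) = @_;
    return $dbh->selectrow_hashref(
        'SELECT Name, UserID, Passwd, Class FROM Users WHERE UserID = ?',
        undef, $user);
}

# Constructed inputs: a known ID, an unknown ID, and one containing a quote.
for my $input ('alice', 'bob', "o'brien") {
    my $valid = valid_user_id($input) ? 'yes' : 'no';
    my $row   = lookup_user($dbh, $input);
    printf "%-10s valid=%-3s lookup=%s\n", "[$input]", $valid,
        $row ? "found $row->{Name}" : 'no such user';
}

$dbh->disconnect;
```

The quoted input fails validation, and the placeholder query still handles it without a syntax error or a changed query, so the regex serves as an input-quality check while the placeholder is what keeps the SQL intact.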
Replies are listed 'Best First'.
Re: regex challenged
by moritz (Cardinal) on Oct 07, 2009 at 19:55 UTC
Re: regex challenged
by jrtayloriv (Pilgrim) on Oct 07, 2009 at 20:48 UTC
Re: regex challenged
by redgreen (Priest) on Oct 07, 2009 at 20:21 UTC
Re: regex challenged
by halfcountplus (Hermit) on Oct 07, 2009 at 20:14 UTC
by dsheroh (Monsignor) on Oct 08, 2009 at 07:25 UTC