Ejdaha
10-24-2005, 12:37 AM
Hi all. Can someone demonstrate for me a basic SQL injection in Perl and how I can avoid from it. And can someone advice me a book or document about Perl Security?
Thanks...
Thanks...
Click to See Complete Forum and Search --> : Perl SQL injection
fireartist
10-24-2005, 06:50 AM
How to avoid it: make sure you use placeholders, e.g.
# DON'T do this
my $sth = $dbh->prepare("SELECT * FROM users WHERE id = '$id'");
$sth->execute();
# DO THIS
my $sth = $dbh->prepare('SELECT * FROM users WHERE id = ?');
$sth->execute( $id );
Perl Security (http://perldoc.perl.org/perlsec.html) (although it doesn't address databases)
# DON'T do this
my $sth = $dbh->prepare("SELECT * FROM users WHERE id = '$id'");
$sth->execute();
# DO THIS
my $sth = $dbh->prepare('SELECT * FROM users WHERE id = ?');
$sth->execute( $id );
Perl Security (http://perldoc.perl.org/perlsec.html) (although it doesn't address databases)
Ejdaha
10-25-2005, 12:23 AM
OK, thank you very much
webdeveloper.com
Copyright Internet.com Inc., All Rights Reserved.
Copyright Internet.com Inc., All Rights Reserved.