[Israel.pm] RegEx in HTML Character

Tal Kelrich tal at musicgenome.com
Wed Jan 30 03:21:17 PST 2008


On Tue, 29 Jan 2008 22:24:01 +0200
Georges EL OJAIMI <G-OJAIMI at cyberia.net.lb> wrote:

> Hello,
> 
> I got this link http://www.securityfocus.com/infocus/1768 which
> contains different kinds of SQL injection,

Hi,

I wouldn't go this path, if at all possible.
Simply use bindings (preferred) or quoting for SQL statements.

With bindings, the values don't get parsed, so no SQL injection can
occur.

Cheers,
	Tal Kelrich

-- 
Tal Kelrich
PGP fingerprint: 3EDF FCC5 60BB 4729 AB2F  CAE6 FEC1 9AAC 12B9 AA69
Key Available at: http://www.hasturkun.com/pub.txt
----
Young men, hear an old man to whom old men hearkened when he was young.
		-- Augustus Caesar
----
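
The binding (preferred) and quoting approaches from the reply above, next to the string-interpolated query they replace. This is an added example, not part of the original message; it assumes Perl DBI with DBD::SQLite installed, and the `users` table, its rows, the input value and the `lookup_*` helper names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database so the example runs offline
# (assumption: DBD::SQLite is installed).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });

# Constructed sample data.
$dbh->do('CREATE TABLE users (name TEXT, email TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
$ins->execute(@$_) for (['alice', 'alice@example.com'],
                        ['bob',   'bob@example.com']);

# Constructed form value containing SQL metacharacters.
my $input = q{nobody' OR '1'='1};

# Interpolation: the value becomes part of the SQL text, so the
# database parses the quote characters and the OR clause as syntax.
sub lookup_interpolated {
    my ($name) = @_;
    return $dbh->selectall_arrayref(
        "SELECT name FROM users WHERE name = '$name'");
}

# Binding (preferred): the statement text is fixed and the value is
# passed separately, so it is only ever compared as data.
sub lookup_bound {
    my ($name) = @_;
    return $dbh->selectall_arrayref(
        'SELECT name FROM users WHERE name = ?', undef, $name);
}

# Quoting: $dbh->quote() escapes the value for this driver and wraps it
# in quotes before it is concatenated into the statement.
sub lookup_quoted {
    my ($name) = @_;
    my $sql = 'SELECT name FROM users WHERE name = ' . $dbh->quote($name);
    return $dbh->selectall_arrayref($sql);
}

# Compare how many rows each variant returns for the same input.
printf "%-13s %d row(s)\n", "$_->[0]:", scalar @{ $_->[1]->($input) }
    for (['interpolated', \&lookup_interpolated],
         ['bound',        \&lookup_bound],
         ['quoted',       \&lookup_quoted]);
```

Only the interpolated variant lets the input change the query's logic; the bound and quoted variants search for a user literally named with that whole string.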