[Israel.pm] #perl-help irc channel
shmuelfomberg at gmail.com
Wed Jun 26 18:46:44 PDT 2013
On Wed, Jun 26, 2013 at 11:38 PM, Shlomi Fish wrote:
> > Here is another example, some time ago: a user tries to store values
> > into a DB table.
> > The problem that he is actually having: values not interpolating into the
> > query string (he used single quotes with the variables embedded).
> > When I arrived at the scene, he was getting a long explanation about the
> > dangers of SQL injection. Nobody helped him with the actual problem.
> > His data source: his research data's CSV file. No problem with SQL
> > injection here.
> > I solved the problem, and told him to ignore everything that they said,
> > and that if one day he writes a web app, he should learn a bit about that
> > "SQL injection" that they talked about.
> Well, SQL Injection is a big problem also outside the realm of web
> applications, and you should always use placeholders:
> * http://bobby-tables.com/
> * http://perl-begin.org/topics/security/code-markup-injection/
> * http://en.wikipedia.org/wiki/SQL_injection
> So I believe their instruction was in place.
Thank you Shlomi, for teaching me what is this SQL injection that everybody
was talking about.
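As an added example, not code from either poster in the thread: a small Perl DBI script that shows the two things discussed above side by side. First, why the original poster's values never reached the database (single-quoted strings do not interpolate in Perl, so the SQL text contained the literal characters `$label`), and second, the placeholder form Shlomi recommends, which sends values separately from the SQL text and is therefore also safe against SQL injection. The rows are constructed stand-ins for the CSV data; the script assumes DBD::SQLite is installed and uses an in-memory database so it runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample rows, standing in for the researcher's CSV file.
# The apostrophe in the second label is deliberate: it is the kind of
# ordinary data that breaks hand-built quoting.
my @rows = (
    [ 'sample-01', 3.14 ],
    [ "O'Brien",   2.71 ],
);

# The bug from the thread: single quotes do not interpolate variables,
# so this SQL text contains the literal characters $label and $value.
my ( $label, $value ) = @{ $rows[0] };
my $bad_sql = 'INSERT INTO measurements VALUES (\'$label\', \'$value\')';
print "Broken statement text: $bad_sql\n";

# In-memory SQLite database (assumes DBD::SQLite), with RaiseError so a
# failed statement dies instead of silently doing nothing.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 } );
$dbh->do('CREATE TABLE measurements (label TEXT, value REAL)');

# The fix: placeholders. DBI passes the values to the driver separately
# from the SQL text, so quoting never matters and the apostrophe in
# "O'Brien" is stored as plain data rather than ending the string literal.
my $insert = $dbh->prepare(
    'INSERT INTO measurements (label, value) VALUES (?, ?)'
);
$insert->execute( @{$_} ) for @rows;

# Reading back uses a placeholder as well, so the lookup works for every
# label, apostrophe or not.
my $find = $dbh->prepare('SELECT value FROM measurements WHERE label = ?');
for my $row (@rows) {
    $find->execute( $row->[0] );
    my ($stored) = $find->fetchrow_array;
    printf "%-10s => %s\n", $row->[0], $stored;
}

$dbh->disconnect;
```

The same `prepare`/`execute` pattern applies whether the values come from a CSV file on disk or from a web form; that is the point of the placeholder advice, and it also fixes the interpolation problem the original poster had.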