Hi,

Does anyone have some suggestions for what restrictions should be used on a site to be secure? Do you know some sites where I can get information about this subject? Most of the texts I read said that the variables should be filtered before inserting them in the DB, but never gave details for what should be filtered.
I know a lot of theory but without practical examples.

Is it enough to use binding parameters in DBI for avoiding SQL injections? I mean, if I always use binding parameters, is it OK if I don't use any other kind of filtering?

If it is not enough, what kind of SQL code can still damage the DB? And if I need to filter, what kind of filter do I need to apply?

I know that the code will be secure if I allow only A-Za-z0-9 and spaces, but in some form fields I need to allow every character.

If there are some well-defined types of SQL injection code, are there some patterns that can be used for filtering?

Thanks.

Octavian
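
The difference the post asks about, shown as an added example that is not part of the original message: the same input interpolated into the SQL text and passed as a DBI bind value, a free-text field stored unchanged, and the one place a placeholder cannot be used. It assumes DBD::SQLite is installed; the `users` table, its columns and all input strings are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; table and rows are constructed sample data.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, comment TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (name, comment) VALUES (?, ?)');
$ins->execute('alice', 'first');
$ins->execute('bob',   'second');

# Constructed form input containing SQL metacharacters.
my $input = q{x' OR '1'='1};

# Unsafe: the value becomes part of the SQL text, so its quote closes the
# string literal and the remainder is parsed as SQL.
my $unsafe = $dbh->selectall_arrayref(
    "SELECT name FROM users WHERE name = '$input'");
printf "interpolated: %d row(s)\n", scalar @$unsafe;

# Safe: the statement text is fixed; the value is handed over separately as data.
my $safe = $dbh->selectall_arrayref(
    'SELECT name FROM users WHERE name = ?', undef, $input);
printf "bound:        %d row(s)\n", scalar @$safe;

# A field that must accept every character is stored and read back unchanged.
my $free_text = q{O'Reilly; -- "quoted" \ 100%_};
$ins->execute('carol', $free_text);
my ($stored) = $dbh->selectrow_array(
    'SELECT comment FROM users WHERE name = ?', undef, 'carol');
print "round trip:   ", ($stored eq $free_text ? 'identical' : 'changed'), "\n";

# Placeholders stand for values only. An identifier such as a sort column
# cannot be bound, so map the request onto a fixed allow-list instead.
my %sortable  = (id => 'id', name => 'name');
my $requested = 'name DESC --';               # constructed input, not in the list
my $column    = $sortable{$requested} // 'id'; # unknown request falls back to id
my $rows = $dbh->selectcol_arrayref("SELECT name FROM users ORDER BY $column");
print "sorted by $column: @$rows\n";

$dbh->disconnect;
```

Bound text that is later printed into an HTML page still needs output encoding at that point, which is a separate concern from the SQL layer.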