On 3/25/06, Tom Allison <[EMAIL PROTECTED]> wrote:

> I would have expected this to require me to do something to untaint the
> value in $username.

Think of taint checking as a big safety net with holes in it. It's better than no net at all, but it's not perfect safety.

> Doesn't this lead to SQL injections?

Probably. I just heard Randal talking today about somebody whose name was O'Brien. Every time he types "O'Brien" into a web form, he finds out whether that form has an SQL injection vulnerability. :-) What happens when there's an apostrophe in your username?

Hope this helps!

--Tom Phoenix
Stonehenge Perl Training
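
The apostrophe test from the reply above, as an added example that is not part of the original thread: the same lookup is run once with `$username` interpolated into the SQL text and once with a DBI placeholder, for an ordinary name and for "O'Brien". Assumptions: DBI and DBD::SQLite are installed, and the `users` table, its columns and the two function names are hypothetical, since the original poster's code is not shown here.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed in-memory database so the example runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)');
$dbh->do('INSERT INTO users VALUES (?, ?)', undef, @$_)
    for ["O'Brien", 'obrien@example.com'], ['alice', 'alice@example.com'];

# Interpolated: the value becomes part of the SQL text, so an apostrophe
# in it ends the string literal early. DBI does not check its arguments
# for taint unless the TaintIn attribute is set and perl runs with -T,
# and a value that passed an untainting regex can still contain a quote.
sub lookup_interpolated {
    my ($username) = @_;
    my $sql = "SELECT email FROM users WHERE username = '$username'";
    my ($email) = eval { $dbh->selectrow_array($sql) };
    return defined $email ? $email : 'FAILED: ' . ($@ || 'no row');
}

# Placeholder: the SQL text is fixed and the value travels separately as a
# bind parameter, so its content is never parsed as SQL.
sub lookup_bound {
    my ($username) = @_;
    my ($email) = $dbh->selectrow_array(
        'SELECT email FROM users WHERE username = ?', undef, $username);
    return defined $email ? $email : 'no row';
}

for my $name ('alice', "O'Brien") {
    printf "%-8s interpolated: %s\n", $name, lookup_interpolated($name);
    printf "%-8s bound:        %s\n", $name, lookup_bound($name);
}
```

The interpolated lookup works for `alice` and fails with a syntax error for `O'Brien`, which is the signal Randal's story describes; the bound lookup returns the row in both cases.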