> If you're talking about SQL injection then presumably you could do this exactly the same as you would any other input field - use SQL placeholders in a prepared query rather than blindly pasting untrusted input as SQL.

This is what I'm talking about. I don't know this technique - I thought the only approach was to filter input. I'm using DBIx, AFAIK it does use placeholders ... ? If so, I can just take input, do some basic "sanity" filtering, and store?

XSS is not such a worry - I'm not dealing with financial transactions or such. It's more people being able to compromise the server that I am thinking of.

Phaylon : sure. A simple example would be, say, a multilingual web forum. A text field would have a size limit, but other than that most any utf8 character could be input.

--
Daniel McBrearty
email : danielmcbrearty at gmail.com
www.engoi.com : the multi - language vocab trainer
BTW : 0873928131
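
The placeholder technique from the quoted reply, applied to the multilingual forum case, as an added example that is not part of the original thread. It assumes plain DBI with DBD::SQLite and an in-memory database; the `post` table, its columns and all sample values are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use utf8;
use DBI;

binmode STDOUT, ':encoding(UTF-8)';

# In-memory SQLite database; the table and column names are hypothetical.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, sqlite_unicode => 1 });
$dbh->do('CREATE TABLE post (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

# Constructed sample input: multilingual text with quotes and SQL punctuation.
my @posts = (
    [ 'daniel', q{L'été; -- "naïve" 日本語 'quoted'} ],
    [ 'zoë',    q{Ни одной '; проблемы} ],
);

# Store with placeholders: the values travel as bound data, never as SQL text,
# so no character filtering is needed to keep the statement intact.
my $ins = $dbh->prepare('INSERT INTO post (author, body) VALUES (?, ?)');
$ins->execute(@$_) for @posts;

# Untrusted lookup value (constructed) that contains SQL syntax.
my $author = q{nobody' OR '1'='1};

# Unsafe: interpolation lets the quote end the string literal, so the
# OR clause becomes part of the statement and changes what it matches.
my ($unsafe) = $dbh->selectrow_array(
    "SELECT COUNT(*) FROM post WHERE author = '$author'");

# Safe: the same value bound to a placeholder is compared as one string.
my ($safe) = $dbh->selectrow_array(
    'SELECT COUNT(*) FROM post WHERE author = ?', undef, $author);

print "interpolated query matched $unsafe row(s)\n";
print "placeholder query matched $safe row(s)\n";

# The stored text comes back exactly as it was entered.
my ($body) = $dbh->selectrow_array(
    'SELECT body FROM post WHERE author = ?', undef, 'daniel');
print "round trip ok\n" if $body eq $posts[0][1];
```

Binding protects the SQL statement only; text that is later rendered into HTML still needs output escaping at display time.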