thanks people, this is very helpful.

Well, everything is postgresql / linux, so MSSQL will never be an issue. Also I only ever use utf8 ... so I guess I'm home and dry. It would be very neat to be able to do this without locale-switching (and installing).

as a matter of interest, does anyone have a reference on why placeholders protect against injection attacks? If that is the case, maybe I can even leave out \w filtering where that is appropriate to do that.

thanks!

D

On 12/5/06, Brandon Black <[EMAIL PROTECTED]> wrote:
> On 12/5/06, Daniel McBrearty <[EMAIL PROTECTED]> wrote:
> > This is what I'm talking about. I don't know this technique - I
> > thought the only approach was to filter input. I'm using DBIx, AFAIK
> > it does use placeholders ... ? If so, I can just take input, do some
> > basic "sanity" filtering, and store?
>
> Yes, DBIC does use placeholders in most situations. However, the
> NoBindVars-based Storage classes do not. This includes the notable
> example of MSSQL via DBD::Sybase, which uses NoBindVars to work around
> issues with FreeTDS and/or DBD::Sybase. The only really good way to
> fix this is to fix the DBD's or underlying DB libraries to properly
> support bind variables in all cases.
>
> > Phaylon : sure. A simple example would be, say, a multilingual web
> > forum. A text field would have a size limit, but other than that most
> > any utf8 character could be input.
>
> If your encoding is utf-8, you'll read in the perl i18n/l10n docs that
> UTF-8 has universal definitions for \w, \W, etc. Thus you don't
> really even need to know the language to safely validate for word vs
> non-word chars, just the encoding.
>
> -- Brandon
>
> _______________________________________________
> List: Catalyst@lists.rawmode.org
> Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
> Dev site: http://dev.catalyst.perl.org/
--
Daniel McBrearty
email : danielmcbrearty at gmail.com
www.engoi.com : the multi - language vocab trainer
BTW : 0873928131
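
Added example, not part of the thread and not DBIx::Class code: the placeholder question above, shown with plain DBI by running the same lookup once with the value interpolated into the SQL text and once bound to a `?`. It assumes DBD::SQLite is installed and uses an in-memory database in place of PostgreSQL; the table, its columns and the input strings are constructed.

```perl
use strict;
use warnings;
use utf8;
use DBI;

binmode STDOUT, ':encoding(UTF-8)';

# Assumption: in-memory SQLite stands in for the PostgreSQL database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, sqlite_unicode => 1 });

# Constructed sample data for a multilingual forum.
$dbh->do('CREATE TABLE post (author TEXT, body TEXT)');
my $ins = 'INSERT INTO post (author, body) VALUES (?, ?)';
$dbh->do($ins, undef, @$_)
    for (["d'Été", 'bonjour'], ['alice', 'hello'], ['bob', 'private note']);

# Constructed form inputs: a legitimate name that contains a quote, and a
# value whose quote characters try to change the WHERE clause.
my @inputs = ("d'Été", "nobody' OR '1'='1");

for my $author (@inputs) {
    # Interpolation: the value becomes part of the SQL text, so the database
    # parses any quote inside it as SQL syntax.
    my $sql = "SELECT count(*) FROM post WHERE author = '$author'";
    my $interpolated = eval { ($dbh->selectrow_array($sql))[0] };
    $interpolated = 'SQL error' unless defined $interpolated;

    # Placeholder: the SQL text is fixed when the statement is prepared and
    # the value travels separately, so it is only ever compared as a string.
    my ($bound) = $dbh->selectrow_array(
        'SELECT count(*) FROM post WHERE author = ?', undef, $author);

    printf "%-20s interpolated: %-10s bound: %s\n",
        $author, $interpolated, $bound;
}

$dbh->disconnect;
```

The bound query needs no `\w` filtering to stay safe, which matters for the multilingual case because a name such as `d'Été` is valid input that a quote-stripping filter would mangle.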