SQL injection by whom and how? I can't get the template to work, and you think I've got user input set up?
I give up, it was a nice idea but I'm going nowhere fast. Thanks anyway.

-----Original Message-----
From: Tomas Doran [mailto:bobtf...@bobtfish.net]
Sent: 30 October 2012 22:22
To: The elegant MVC web framework
Subject: Re: [Catalyst] Unable to output anything in Root.pm -> 'auto'

On 30 Oct 2012, at 12:00, Craig Chant wrote:

> "What was the reason for not using DBIC again?"
>
> The non-normalised DB with a missing schema and the fact the data is spread
> across two SQL servers on separate DSN's.

You didn't say anything there that didn't imply DBIC is fine. The reason for not using DBIC again?

Also, your SQL abstraction has hilarious SQL injection holes - you do know about this, right?

> It's just before the return of the record set or count I was wondering if I
> need to add '$sth->finish();' or '$dbh->disconnect();' - which I have in my
> current (non-catalyst) app version of the class (module).

You're doing something wrong with DBI here!

> I also believe that DBIC gets all columns from all tables, which I don't
> want, dunno, perhaps I'm missing something with DBIC, but I understand my
> data the way I retrieve it and didn't think there was anything wrong with
> using my SQL class, it has served me well for 10 years, and powers all my
> current apps.

That's by default, and optional.

> One thing I have found already is the app doesn't seem to see real time SQL
> updates even if I issue $sth->finish(); & $dbh->disconnect(); at the end
> of my method.
>
> I make a manual change to SQL (switch the 'Locked' flag between 'yes' & 'no'),
> refresh the app and it isn't registering the SQL change, so already it
> seems something is being cached somewhere and I need to stop this, my apps
> need to see DB changes instantly.

Again, you're doing something wrong or insane here - this is not normal, so you must be asking for it somehow.

Cheers
t0m

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://firstname.lastname@example.org/
Dev site: http://dev.catalyst.perl.org/