Craig, would you mind stopping in #catalyst on irc.perl.org? It would probably be easier. For instant chat you can follow this link: http://chat.mibbit.com/#catal...@irc.perl.org

Cheers

On Wed, Oct 31, 2012 at 10:51 AM, Craig Chant <cr...@homeloanpartnership.com> wrote:

> SQL injection by whom and how?
>
> I can't get the template to work, and you think I've got user input set up?
>
> I give up, it was a nice idea but I'm going nowhere fast.
>
> Thanks anyway.
>
> -----Original Message-----
> From: Tomas Doran [mailto:bobtf...@bobtfish.net]
> Sent: 30 October 2012 22:22
> To: The elegant MVC web framework
> Subject: Re: [Catalyst] Unable to output anything in Root.pm -> 'auto'
>
>
> On 30 Oct 2012, at 12:00, Craig Chant wrote:
>
> > "What was the reason for not using DBIC again?"
> >
> > The non-normalised DB with a missing schema and the fact the data is
> > spread across two SQL servers on separate DSN's.
>
> You didn't say anything there that didn't imply DBIC is fine.
>
> The reason for not using DBIC again?
>
> Also, your SQL abstraction has hilarious SQL injection holes - you do know
> about this, right?
>
> > It's just before the return of the record set or count I was wondering
> > if I need to add '$sth->finish();' or '$dbh->disconnect();' - which I have
> > in my current (non-catalyst) app version of the class (module).
>
> You're doing something wrong with DBI here!
>
> > I also believe that DBIC gets all columns from all tables, which I don't
> > want, dunno, perhaps I'm missing something with DBIC, but I understand my
> > data the way I retrieve it and didn't think there was anything wrong with
> > using my SQL class, it has served me well for 10 years, and powers all my
> > current apps.
>
> That's by default, and optional.
>
> > One thing I have found already is the app doesn't seem to see real time
> > SQL updates even if I issue $sth->finish(); & $dbh->disconnect(); at
> > the end of my method.
> >
> > I make a manual change to SQL (switch the 'Locked' flag between 'yes' &
> > 'no'), refresh the app and it isn't registering the SQL change, so already
> > it seems something is being cached somewhere and I need to stop this, my
> > apps need to see DB changes instantly.
>
> Again, you're doing something wrong or insane here - this is not normal,
> so you must be asking for it somehow.
>
> Cheers
> t0m
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/