On Tue, Sep 03, 2002 at 04:25:18PM +1000, Bradley Baetz wrote: > On Wed, 21 Aug 2002, Tim Bunce wrote: > > > Probably (well spotted). There's a $sth->_set_fbav( \@fieldvalues) method > > you could try that copies the supplied values into the row array. > > Yeah, tainting the src vars as the copy happens seems to work. > > New patch attached, now with doc changes.
Thanks, applied. > BTW, should ->set_err have DBI_NO_TAINT_IN set? (IMA_NO_TAINT_IN I think you mean) > Bugzilla is still doing > taint stuff manually, and the set_err with a tainted sql string was > failing because the result was tainted... Yes, I think it's reasonable for set_err to not croak if given tainted values. I'll fix that. Thanks again. Tim.
