Hi,

I have recently read an article on SQL injection (http://www.securityfocus.com/infocus/1644). I realize that it is not possible to SQL inject a call that uses bind variables, but there are cases when we have to create dynamic SQL.

Has anybody ever tried to write a generic Perl package/function that checks dynamic SQL against SQL injection and untaints it? Before I do it myself, I would like to see what others have already done.

Best regards,
Wojciech Pietron
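One way to handle the dynamic-SQL case raised in the post, as an added example that is not part of the original message: the parts of a statement that cannot be bound (table, column, sort direction) are checked against a fixed allow-list, and every value still travels as a bind variable. The function `build_select`, the `%ALLOWED` map and the table and column names are hypothetical.

```perl
use strict;
use warnings;

# Added example: identifiers come from a fixed allow-list, values travel as
# bind parameters. The table and column names are hypothetical.
my %ALLOWED = (
    users  => { map { $_ => 1 } qw(id login email created) },
    orders => { map { $_ => 1 } qw(id user_id total placed) },
);

# Returns ($sql, @bind) or dies if any dynamic part is not on the allow-list.
sub build_select {
    my (%arg) = @_;
    my $table = $arg{table};
    my $cols  = $ALLOWED{ defined $table ? $table : '' }
        or die "table not allowed\n";
    my @select = @{ $arg{columns} || [] };
    @select or die "no columns requested\n";
    for my $c (@select, keys %{ $arg{where} || {} }) {
        $cols->{$c} or die "column not allowed: $c\n";
    }

    my (@cond, @bind);
    for my $c (sort keys %{ $arg{where} || {} }) {
        push @cond, "$c = ?";          # value never enters the SQL text
        push @bind, $arg{where}{$c};
    }
    my $sql = 'SELECT ' . join(', ', @select) . " FROM $table";
    $sql .= ' WHERE ' . join(' AND ', @cond) if @cond;

    if (defined(my $order = $arg{order_by})) {
        $cols->{$order} or die "order column not allowed: $order\n";
        my $dir = uc($arg{direction} || 'ASC');
        $dir =~ /\A(?:ASC|DESC)\z/ or die "bad sort direction\n";
        $sql .= " ORDER BY $order $dir";
    }
    return ($sql, @bind);
}

# Constructed sample input: a hostile value stays in the bind list.
my ($sql, @bind) = build_select(
    table => 'users', columns => [qw(id login)],
    where => { email => "x' OR '1'='1" }, order_by => 'created',
);
print "$sql\n", join('|', @bind), "\n";

# A hostile identifier is rejected before any SQL is built.
eval { build_select(table => 'users', columns => ['id; DROP TABLE users']) };
print "rejected: $@";
```

The returned pair is meant to be passed to DBI as `$dbh->prepare($sql)` followed by `$sth->execute(@bind)`.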
