On 2003-09-25 02:16:46 -0700, Dave Anderson wrote:
> sub buildValueStrings {
> my ($a) = shift;
> my ($h) = shift;
> for (@test = @$a) {
> (($_ eq "0") ? (@$a = keys %$h) : "");
> }
> grep($_ = "'$_'", @$a);
This still allows somebody to inject SQL code by embedding single quotes
in the values. Use $dbh->quote() to avoid this.
hp
--
_  | Peter J. Holzer    | Our universe would be sadly
|_|_) | Sysadmin WSR / LUGA | insignificant, had it not new problems
| |   | [EMAIL PROTECTED]   | in store for every generation.
__/   | http://www.hjp.at/  | -- Seneca, naturales quaestiones
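As an added example (not part of the original thread), the hand-quoting hp objects to next to the $dbh->quote() version, run against a constructed in-memory SQLite table; it assumes DBI and DBD::SQLite are installed, and the table, column and sample values are made up for the demo:

```perl
#!/usr/bin/perl
# Added example, not from the original thread: hand-quoted values versus
# $dbh->quote(). Requires DBI and DBD::SQLite; table, column and sample
# values are constructed for this demo.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE users (name TEXT)");

# Constructed input: a legitimate value that happens to contain a quote.
my @values = ("alice", "O'Brien");

# Unsafe: wrap each value in single quotes by hand, as the quoted sub does.
sub build_value_strings_unsafe {
    my ($vals) = @_;
    return map { "'$_'" } @$vals;
}

# Safe: let the driver quote each value (doubles embedded single quotes).
sub build_value_strings_quoted {
    my ($dbh, $vals) = @_;
    return map { $dbh->quote($_) } @$vals;
}

for my $v (build_value_strings_unsafe(\@values)) {
    # "'O'Brien'" is not one string literal: the embedded quote ends the
    # literal early, so the statement does not mean what the caller meant.
    eval { $dbh->do("INSERT INTO users (name) VALUES ($v)") };
    print "unsafe  $v: ", ($@ ? "ERROR" : "ok"), "\n";
}

for my $v (build_value_strings_quoted($dbh, \@values)) {
    # quote() yields 'O''Brien', which SQLite reads as one literal.
    $dbh->do("INSERT INTO users (name) VALUES ($v)");
    print "quoted  $v: ok\n";
}

# Bind parameters (placeholders) are the other standard way to keep
# data out of the SQL text; quote() is the fix for code that builds
# the statement as a string, as the quoted sub does.
my ($count) = $dbh->selectrow_array(
    "SELECT COUNT(*) FROM users WHERE name = ?", undef, "O'Brien");
print "rows named O'Brien: $count\n";
```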