On Wed, Dec 20, 2000 at 07:07:01AM +1100, Jim Carey wrote:
> LOL - thanks all - reckon I can get what I need out of this. I actually need
> it for MySQL - customer hit me with a O'Shea name - blew my database insert
> out of the water - will escape it by adding a \ in front of it or other
> slashes - once again thanks all

You have crystallized my point eloquently.  You should be using the
quote method provided by the DBI or Mysql module, or even using
prepare and execute with placeholders, which will take care of the
quoting for you.  Just backslashing those two characters will not
save you.  My suggestion would be to hire a programmer who knows
the traps and how to avoid them.  You don't want a security hole.
-- 
Christopher Masto         Senior Network Monkey      NetMonger Communications
[EMAIL PROTECTED]        [EMAIL PROTECTED]        http://www.netmonger.net

Free yourself, free your machine, free the daemon -- http://www.freebsd.org/
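Added example, not code from the original thread: a Python stand-in for the Perl DBI/MySQL situation above, using the sqlite3 module (placeholders work the same way there as `prepare`/`execute` with `?` in DBI). The `naive_escape` function is the fix proposed in the quoted mail (backslash the two quote characters and nothing else); `split_after_literal` is a small model, written for this example, of how MySQL scans a single-quoted literal, where a backslash escapes the next character. It shows why the O'Shea case alone looks fixed while an input that already contains a backslash still ends the literal early, and that a placeholder stores both values as plain data.

```python
"""Ad hoc quote escaping versus placeholders (added example, not from the thread)."""
import sqlite3
from typing import Tuple


def naive_escape(value: str) -> str:
    """The fix proposed in the quoted mail: backslash the two quote characters.
    Backslashes already present in the input are left untouched."""
    return value.replace("'", "\\'").replace('"', '\\"')


def split_after_literal(sql: str) -> Tuple[str, str]:
    """Model of how MySQL reads a single-quoted string literal.

    Returns (literal_body, rest_of_statement).  Inside the literal a backslash
    escapes the next character and '' stands for one quote, so the literal
    ends at the first quote that is neither escaped nor doubled.  Assumes
    sql starts with the opening quote.  This scanner is written for this
    example; it is not MySQL's own code.
    """
    assert sql.startswith("'")
    body = []
    i = 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and i + 1 < len(sql):
            body.append(sql[i + 1])          # backslash escapes the next char
            i += 2
        elif ch == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                body.append("'")             # doubled quote is a literal quote
                i += 2
            else:
                return "".join(body), sql[i + 1:]
        else:
            body.append(ch)
            i += 1
    return "".join(body), ""                 # unterminated literal


def insert_naive(conn: sqlite3.Connection, name: str) -> None:
    """The original bug: the value is pasted into the SQL text."""
    conn.execute(f"INSERT INTO customers (name) VALUES ('{name}')")


def insert_with_placeholder(conn: sqlite3.Connection, name: str) -> str:
    """The fix: the driver sends the value separately from the statement,
    so no quoting of the value ever takes place.  Returns what was stored."""
    conn.execute("INSERT INTO customers (name) VALUES (?)", (name,))
    row = conn.execute("SELECT name FROM customers WHERE name = ?", (name,)).fetchone()
    return row[0]


def run_demo() -> dict:
    """Runs the three cases against an in-memory table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT)")
    results = {}

    # 1. Raw interpolation: the apostrophe in O'Shea closes the literal early.
    try:
        insert_naive(conn, "O'Shea")
        results["naive_oshea"] = "inserted"
    except sqlite3.OperationalError:
        results["naive_oshea"] = "syntax error"

    # 2. Placeholders: the apostrophe is just data, as is a hostile string.
    attack = "\\' OR 1=1 -- "        # a backslash, a quote, then SQL
    results["placeholder_oshea"] = insert_with_placeholder(conn, "O'Shea")
    results["placeholder_attack"] = insert_with_placeholder(conn, attack)

    # 3. What MySQL would see after naive escaping of the hostile string:
    #    the input backslash now escapes the added backslash, and the quote
    #    that follows terminates the literal, leaving "OR 1=1 --" as SQL.
    body, rest = split_after_literal("'" + naive_escape(attack) + "')")
    results["mysql_literal_body"] = body
    results["mysql_rest"] = rest
    return results


if __name__ == "__main__":
    for key, val in run_demo().items():
        print(f"{key}: {val!r}")
```

A driver-supplied quoting routine such as DBI's `$dbh->quote` also escapes backslashes (and, for MySQL, NUL and newline characters), which is what the two-character replacement above misses; placeholders sidestep the question entirely, which is why the reply recommends them first.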
