> You have crystalized my point eloquently. You should be using the
> quote method provided by the DBI or Mysql module, or even using
> prepare and execute with placeholders, which will take care of the
> quoting for you. Just backslashing those two characters will not
> save you. My suggestion would be to hire a programmer who knows
> the traps and how to avoid them. You don't want a security hole.
Thanks Christopher, I'll take your advice on using DBI::quote and will
investigate DBI::prepare. (And this requirement is for the DB only - I don't
do system calls from within Perl - all my system calls are done from PHP and
it has a lot of functions that allow a programmer to sanitise code.)
cheers
Jim Carey
www.OZbcoz.com
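
The two approaches recommended in the quoted advice, placeholders with prepare/execute and the DBI quote method, shown as an added example that is not part of the original thread. It assumes DBD::SQLite is installed so it can run against an in-memory database; the users table and the sample input values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available. With MySQL only the DSN and the
# credentials passed to connect() would change; the calls below are plain DBI.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do('CREATE TABLE users (name TEXT, is_admin INTEGER)');

# Constructed sample input: values carrying quote, backslash and comment
# characters, the kind a hand-written "backslash two characters" filter
# handles only partly.
my @inputs = ("O'Brien", 'back\\slash', q{x' OR '1'='1}, 'semi;colon -- dash');

# 1. prepare/execute with placeholders: the value is bound as data and is
#    never spliced into the SQL text, so no manual quoting is needed.
my $ins = $dbh->prepare('INSERT INTO users (name, is_admin) VALUES (?, ?)');
$ins->execute($_, 0) for @inputs;

# 2. Lookups through a placeholder: every input matches exactly its own row,
#    including the one that looks like a SQL fragment.
my $sel = $dbh->prepare('SELECT COUNT(*) FROM users WHERE name = ?');
for my $name (@inputs) {
    $sel->execute($name);
    my ($count) = $sel->fetchrow_array;
    $sel->finish;
    die "placeholder lookup: expected 1 row for [$name], got $count\n"
        unless $count == 1;
}

# 3. $dbh->quote: for the cases where a value has to be interpolated into
#    the statement. The driver adds the surrounding quotes and applies the
#    escaping rules of the database actually in use.
for my $name (@inputs) {
    my $sql = 'SELECT COUNT(*) FROM users WHERE name = ' . $dbh->quote($name);
    my ($count) = $dbh->selectrow_array($sql);
    die "quoted lookup: expected 1 row for [$name], got $count\n"
        unless $count == 1;
    print "$sql => $count row\n";
}

$dbh->disconnect;
```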