On Wed, Jun 26, 2013 at 11:38 PM, Shlomi Fish wrote:
> > Here is another example, some time ago: a user tries to store values
> > into a DB table.
> > The problem that he is actually having: values not interpolating into the
> > query string. (He used single quotes with the variables embedded.)
> > When I arrived on the scene, he was getting a long explanation about the
> > dangers of SQL injection. Nobody helped him with the actual problem.
> > His data source: his research data's CSV file. No problem with SQL
> > injection here.
> > I solved the problem, and told him to ignore everything that they said.
> > And that if one day he writes a web app, he should learn a bit about that
> > "SQL injection" that they talked about.
> >
> Well, SQL injection is a big problem also outside the realm of web
> applications, and you should always use placeholders:
>
> * http://bobby-tables.com/
>
> * http://perl-begin.org/topics/security/code-markup-injection/
>
> * http://en.wikipedia.org/wiki/SQL_injection
>
> So I believe their instruction was in place.
Thank you Shlomi, for teaching me what this SQL injection is that everybody was talking about. Triple ufff.

Shmuel.
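The three variants the thread is arguing about, as an added example (this is not code from the thread or from any of the posters): the single-quoted SQL string that never interpolates (the poster's actual bug), the double-quoted string that interpolates but breaks on an apostrophe in ordinary data and can be rewritten by a crafted value, and the DBI placeholder form that stores every row verbatim. The sample rows are constructed here, the function names are hypothetical, and it is assumed that DBD::SQLite is installed so the script can run against an in-memory database.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample rows standing in for the CSV research data.  The
# apostrophe in "O'Brien" is legitimate data, not an attack; the third row
# shows what an attacker-controlled value does to the interpolated form.
my @rows = (
    [ 'sample-001', 'Fish',                 '42' ],
    [ 'sample-002', "O'Brien",              '17' ],
    [ 'sample-003', "x', 'tampered'); --",  '0'  ],
);

# Assumption: DBD::SQLite is available.  An in-memory DB keeps this self-contained.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE results (id TEXT, observer TEXT, value TEXT)');

# 1. What the poster wrote: the SQL sits in a single-quoted Perl string, so
#    $id, $observer and $value are never interpolated.  The row is stored with
#    the literal text "$id" in it.  This is a Perl quoting bug, not injection.
sub insert_no_interpolation {
    my ($dbh, $id, $observer, $value) = @_;
    return $dbh->do('INSERT INTO results VALUES (\'$id\', \'$observer\', \'$value\')');
}

# 2. The "fix" people reach for next: a double-quoted string.  The values now
#    interpolate, but so do their quote characters.  "O'Brien" breaks the
#    statement with a syntax error, and the crafted value changes what the
#    statement does (it ends the VALUES list early and comments out the rest).
sub insert_interpolated {
    my ($dbh, $id, $observer, $value) = @_;
    return $dbh->do("INSERT INTO results VALUES ('$id', '$observer', '$value')");
}

# 3. Placeholders: the SQL text is fixed, the driver passes the values to
#    SQLite separately, and every byte of the data is stored exactly as given.
sub insert_with_placeholders {
    my ($dbh, $id, $observer, $value) = @_;
    my $sth = $dbh->prepare('INSERT INTO results VALUES (?, ?, ?)');
    return $sth->execute($id, $observer, $value);
}

# Print the table contents under a label, then empty it for the next variant.
sub dump_table {
    my ($dbh, $label) = @_;
    my $all = $dbh->selectall_arrayref('SELECT id, observer, value FROM results');
    printf "%s: %d row(s)\n", $label, scalar @$all;
    printf "  %-12s %-24s %s\n", @$_ for @$all;
    $dbh->do('DELETE FROM results');
}

insert_no_interpolation($dbh, @{ $rows[0] });
dump_table($dbh, 'single-quoted SQL string');    # one row holding "$id", "$observer", "$value"

for my $row (@rows) {
    eval { insert_interpolated($dbh, @$row); 1 }
        or print "interpolated insert of '$row->[1]' failed: $@";
}
dump_table($dbh, 'double-quoted, interpolated');  # O'Brien fails; sample-003 stores "x"/"tampered"

insert_with_placeholders($dbh, @$_) for @rows;
dump_table($dbh, 'placeholders');                 # all three rows stored verbatim
```

The apostrophe case is the one that matters for the CSV-import scenario: the same quoting flaw that an attacker exploits is what makes a legitimate value like O'Brien fail, so placeholders are the correct fix even when no attacker is anywhere near the data source.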
_______________________________________________ Perl mailing list Perl@perl.org.il http://mail.perl.org.il/mailman/listinfo/perl