----- Original Message -----
From: "perlmunky" <[EMAIL PROTECTED]>
Newsgroups: perl.beginners
To: <beginners@perl.org>
Sent: Friday, January 11, 2008 9:11 AM
Subject: user arguments, oracle - insert, delete and drop!


Hi List,

I am in the process of making a web service which will (at some point) query
an oracle DB with some user supplied text.  Currently the page allows the
user to select the information in the insert from a tick box, the tables
from a list and the conditional they can choose and then enter associated
text.

I realise that this is not smart, at least without any parameter checking.
I need a way of making the information 'safe' - avoid sql injections etc. I
have tried using $dbh->quote($string) but this creates errors if the key
word entered by the users is null - as oracle thinks this is not a keyword.

hints, tips and solutions accepted :)

I don't have admin rights and can't install any modules that aren't already
available.  The project is running under perl catalyst.

Thanks in advance

See this column by Randal L. Schwartz. It describes injection attacks.
http://www.stonehenge.com/merlyn/UnixReview/col58.html
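
As an added illustration (not part of the thread, and not taken from the linked column): one way to handle the form described in the question, using only what DBI already provides, is to accept table, column and conditional names solely from fixed allow-lists and to pass the entered text as a bind value. The schema, the operator names and the `build_query` helper are hypothetical.

```perl
use strict;
use warnings;

# Hypothetical schema: the only tables and columns the form may name.
my %ALLOWED = (
    employees   => { map { $_ => 1 } qw(id name dept) },
    departments => { map { $_ => 1 } qw(id title) },
);
# Conditionals offered by the form, mapped to fixed SQL fragments.
my %OPS = (eq => '= ?', ne => '<> ?', like => 'LIKE ?');

# Returns ($sql, @bind). Identifiers come only from the allow-lists above;
# user text is only ever returned as a bind value, never put into the SQL.
sub build_query {
    my ($table, $cols, $where_col, $op, $text) = @_;
    my $known = defined $table ? $ALLOWED{$table} : undef;
    die "unknown table\n" unless $known;
    my @cols = @{ $cols || [] };
    die "no columns selected\n" unless @cols;
    for my $c (@cols, $where_col) {
        die "unknown column\n" unless defined $c && $known->{$c};
    }
    die "unknown operator\n" unless defined $op && exists $OPS{$op};
    my $sql = 'SELECT ' . join(', ', @cols) . " FROM $table WHERE $where_col ";
    # Empty or missing text: test for NULL explicitly (Oracle treats '' as NULL).
    if (!defined $text || $text eq '') {
        die "operator needs a value\n" unless $op eq 'eq' || $op eq 'ne';
        return ($sql . ($op eq 'eq' ? 'IS NULL' : 'IS NOT NULL'));
    }
    return ($sql . $OPS{$op}, $text);
}

# Constructed sample input: hostile text stays in the bind list.
my ($sql, @bind) = build_query('employees', [qw(id name)], 'dept', 'eq',
                               "x' OR '1'='1");
print "$sql\n  bind: [@bind]\n";

# Constructed sample input: empty text becomes an IS NULL test, no bind value.
my ($null_sql) = build_query('employees', ['name'], 'dept', 'eq', '');
print "$null_sql\n";

# Constructed sample input: a table name that is not on the allow-list.
eval { build_query('employees; DROP TABLE employees', ['id'], 'id', 'eq', '1') };
print "rejected: $@";

# With a connected DBI handle (assumed here as $dbh):
#   my $sth = $dbh->prepare($sql);
#   $sth->execute(@bind);
```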

