Hi List,

I am in the process of making a web service which will (at some point) query an Oracle DB with some user-supplied text. Currently the page allows the user to select the information in the insert from a tick box, the tables from a list and the conditional they can choose, and then enter associated text.

I realise that this is not smart, at least without any parameter checking. I need a way of making the information 'safe' - avoid SQL injections etc. I have tried using $dbh->quote($string) but this creates errors if the keyword entered by the users is null - as Oracle thinks this is not a keyword.

Hints, tips and solutions accepted :)

I don't have admin rights and can't install any modules that aren't already available. The project is running under Perl Catalyst.

Thanks in advance
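One way to handle the form described above, as an added example that is not part of the original post: column, table and operator choices are checked against allow-lists, and the free text travels as a DBI bind value instead of going through `$dbh->quote`. The table and column names, the operator keys and `build_query` are hypothetical; only core Perl is used, and the `prepare`/`execute` calls in the comment are standard DBI.

```perl
use strict;
use warnings;

# Constructed allow-lists: these table and column names are hypothetical.
my %ALLOWED = (
    employees   => { map { $_ => 1 } qw(id name dept) },
    departments => { map { $_ => 1 } qw(id title) },
);
# Form value => SQL operator; only these fragments ever reach the SQL text.
my %OPERATORS = (eq => '=', ne => '<>', like => 'LIKE');

# Returns ($sql, @bind). Identifiers come only from the allow-lists;
# the user's text is never interpolated, it is returned as a bind value.
sub build_query {
    my ($table, $columns, $where_col, $op, $text) = @_;
    my $cols_ok = $ALLOWED{$table // ''} or die "unknown table\n";
    die "no columns selected\n" unless @$columns;
    for my $c (@$columns, $where_col) {
        die "unknown column\n" unless defined $c && $cols_ok->{$c};
    }
    my $sql_op = $OPERATORS{$op // ''} or die "unknown operator\n";
    my $sql = sprintf 'SELECT %s FROM %s WHERE ', join(', ', @$columns), $table;

    # Oracle treats '' as NULL, so "= ''" would never match: use IS NULL.
    if (!defined $text || $text eq '') {
        die "empty value only valid with eq/ne\n" if $op eq 'like';
        return ($sql . $where_col . ($op eq 'eq' ? ' IS NULL' : ' IS NOT NULL'));
    }
    return ("$sql$where_col $sql_op ?", $text);
}

# Constructed input: the word "null" and a value containing a quote are
# both plain data once bound; the empty string takes the IS NULL branch.
for my $text ('null', "O'Brien", '') {
    my ($sql, @bind) = build_query('employees', [qw(id name)], 'dept', 'eq', $text);
    print "$sql   [bind: @bind]\n";
    # With a live handle: my $sth = $dbh->prepare($sql); $sth->execute(@bind);
}
```

With the `like` operator the bound text can still contain `%` and `_` wildcards, which only affect matching and not the statement structure.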