On Wed, Jan 16, 2008 at 03:17:58PM +0100, Marius Kjeldahl wrote:
> I've got an application where I do the following:
>
> # Look up last calculated transsum if it exists
> my $rsts = $c->model ('MintAppDB::TransSum')->find ({
>     category => $c->req->param ('category'),
>     sentto => $c->req->param ('sentto'),
>     iso => $c->req->param ('iso')
> });
Never use $c->req->param. You're not competent to do so without screwing it up, and neither am I :)

$c->req->params->{category} will, I think, turn out to be much safer all round (or better still RUN USER INPUT THROUGH A VALIDATOR BEFORE YOU LET IT ON THE SAME SUBNET AS YOUR PRODUCTION DATABASE DAMMIT :)

--
Matt S Trout                      Need help with your Catalyst or DBIx::Class project?
Technical Director                http://www.shadowcat.co.uk/catalyst/
Shadowcat Systems Ltd.            Want a managed development or deployment platform?
http://chainsawblues.vox.com/     http://www.shadowcat.co.uk/servers/

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
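As an added example (not code from Matt's reply, from Marius's application, or from Catalyst itself), the script below uses a small hypothetical stand-in for Catalyst::Request, here called FakeRequest, to show why the list-context call in the quoted code is fragile: inside a hash constructor, param() returns every value a parameter was submitted with, so a repeated parameter shifts all the later key/value pairs of the hashref handed to find(). Indexing the params hashref keeps each key paired with its own value, and a validator (the hypothetical validated_params) rejects repeated or malformed values before they reach the database. The request contents are constructed for the example.

```perl
#!/usr/bin/env perl
# Added example: list-context $c->req->param versus $c->req->params->{...}
# and input validation. Not from the original post.
use strict;
use warnings;

# Hypothetical stand-in for Catalyst::Request (constructed for this example).
# It mirrors the relevant behaviour: param($name) returns all values in list
# context and the first value in scalar context; params() returns a hashref in
# which a repeated parameter is stored as an arrayref.
package FakeRequest;
sub new    { my ($class, %p) = @_; return bless { p => \%p }, $class; }
sub params { return $_[0]{p}; }
sub param {
    my ($self, $name) = @_;
    my $v = $self->{p}{$name};
    return () unless defined $v;
    return wantarray ? (ref $v ? @$v : $v) : (ref $v ? $v->[0] : $v);
}

package main;

# Constructed request in which "category" was submitted twice, as a query
# string of ?category=books&category=sentto&sentto=x&iso=NO would produce.
my $req = FakeRequest->new(
    category => [ 'books', 'sentto' ],
    sentto   => 'x',
    iso      => 'NO',
);

# 1. The pattern from the quoted code. Each param() call is in list context,
#    so the list flattens to (category, books, sentto, sentto, x, iso, NO):
#    the hash becomes { category => 'books', sentto => 'sentto', x => 'iso',
#    NO => undef } and perl warns "Odd number of elements in anonymous hash".
#    The query sent to find() no longer matches what the code intended.
my $unsafe = {
    category => $req->param('category'),
    sentto   => $req->param('sentto'),
    iso      => $req->param('iso'),
};

# 2. Matt's suggestion: index the params hashref. Every key keeps exactly one
#    value (an arrayref when the parameter was repeated), so the pairing of
#    keys and values survives regardless of what the client sent.
my $safer = {
    category => $req->params->{category},
    sentto   => $req->params->{sentto},
    iso      => $req->params->{iso},
};

# 3. Validate before anything reaches the model: each field must be present,
#    a single scalar (no arrayref), and match the shape the application
#    expects. Anything else is rejected as a whole.
sub validated_params {
    my ($params, %rules) = @_;
    my %out;
    for my $name (sort keys %rules) {
        my $v = $params->{$name};
        die "$name: repeated parameter rejected\n" if ref $v;
        die "$name: missing\n"                     unless defined $v;
        die "$name: unexpected format\n"           unless $v =~ $rules{$name};
        $out{$name} = $v;
    }
    return \%out;
}

my %rules = (
    category => qr/^[A-Za-z0-9_-]{1,32}$/,
    sentto   => qr/^[A-Za-z0-9_-]{1,64}$/,
    iso      => qr/^[A-Z]{2}$/,
);

sub show {
    my ($label, $h) = @_;
    print "$label: ", join(
        ', ',
        map {
            my $v = $h->{$_};
            "$_=" . (!defined $v ? 'undef' : ref $v ? "[@$v]" : $v)
        } sort keys %$h
    ), "\n";
}

show('unsafe', $unsafe);   # NO=undef, category=books, sentto=sentto, x=iso
show('safer ', $safer);    # category=[books sentto], iso=NO, sentto=x

my $validated = eval { validated_params($req->params, %rules) };
if ($@) {
    print "validator rejected the request: $@";   # category: repeated parameter rejected
} else {
    show('validated', $validated);
}

# A well-formed request passes the validator and yields a plain hashref
# that is safe to hand to ->find().
my $clean = FakeRequest->new(category => 'books', sentto => 'x', iso => 'NO');
show('validated', validated_params($clean->params, %rules));
```

Run it with `perl` and compare the three lines of output: the first shows the shifted keys the database query would have been built from, the second shows that the hashref form preserved the pairing, and the third shows the validator refusing the repeated parameter outright. In a real controller, the validated hashref is what gets passed to `$c->model(...)->find`, not anything read straight from the request.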