On Wed, 19 Nov 2008 12:55:13 +0100 (GMT+01:00), Deviloper <[EMAIL PROTECTED]> wrote: > HI there, > > not long ago I found a website explaining a feature of a dbi-addon (or > catalyst-addon) which untaintes user input data (in a very easy to use, but > very secure way) in best pratice style. Now I want to do this. But as > always, my brains dumbs this information (because this topic has nothing to > do with starwars neither nethack). > > If somebody can give me only the name of this modul or the article (I am > sure it wasnt about taint itself, it was over working with and escaping > chars in user input) I would be very happy. > > Thanks, > B.
Not sure what article or module you're talking about. But 'best practice' style is using 'bind variables'. You don't have to do any sanitising of data. You just set up a series of columns in your 'prepare' statement, and then pass the values in in your 'execute' statement. eg: my $sth = $dbh->prepare( "insert into some_table ( name, address, phone ) values ( ?, ?, ? )" ) || die $dbh->errstr; For every column that you're inserting into, you add a question mark ( ? ) as above. Then you pass the values ( in the same order as in your insert statement ): $sth->execute( $name, $address, $phone ) || die $dbh->errstr; You are protected from SQL injection attacks as long as you use this method for all values that you pass in. Dan
