Hi,

I have just noticed a web application I am using has embedded values in SQL statements
instead of placeholders, and it does not check the input from the user, which causes a nice
error message (including the whole SQL statement) being part of the response page.
I reported it to the site owner, but I wonder how they could fix their code?

They can go over the whole code manually, but it is time consuming and error prone:
they might miss one of the statements.

I wonder if there is a way in DBI to report such usage or even to disallow such usage
(e.g. throw an error if that is used).

I wonder if there is a tool - a plugin to Perl::Critic maybe - that would check the
source code and report such issues?

regards
   Gabor
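Added example, not code from the original post: DBI's `Callbacks` attribute (a real DBI handle attribute) can intercept every `prepare` call, which gives a runtime answer to the "report or disallow such usage" question. The literal-spotting regexes inside the callback are this example's own heuristic, not a DBI feature; the `O'Brien` input and the `users` rows are constructed sample data, and the script assumes DBD::SQLite is installed (the database lives in memory only). It also shows the two things the post describes: the interpolated statement that leaks the whole SQL text through the error message, and the placeholder version that makes the same input harmless.

```perl
#!/usr/bin/env perl
# Added example (not from the original thread). Uses DBI's real 'Callbacks'
# attribute to intercept prepare(); the literal-spotting regexes are this
# example's own heuristic (an assumption), not something DBI provides.
# Needs DBI and DBD::SQLite; nothing is written to disk.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', {
    RaiseError         => 1,
    PrintError         => 0,
    ShowErrorStatement => 1,  # DBI appends the SQL to the error text: fine for a log, never for a response page
});

$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (name) VALUES (?)');
$ins->execute($_) for qw(alice bob);   # constructed sample rows

# Guard: report (or, with STRICT_SQL set in the environment, refuse) any
# prepare() whose SQL text carries an inline literal. Heuristic: a single
# quote anywhere, or a bare number right after a comparison operator.
my $strict = $ENV{STRICT_SQL} ? 1 : 0;
$dbh->{Callbacks} = {
    prepare => sub {
        my ($h, $sql) = @_;   # callback receives the method's own arguments
        my $why = $sql =~ /'/                     ? 'quoted string literal'
                : $sql =~ /(?:=|<>|!=|<|>)\s*\d/  ? 'numeric literal after comparison'
                : undef;
        if ($why) {
            my $note = "SQL with $why (use placeholders): $sql";
            die "$note\n" if $strict;   # refuse: the exception reaches the calling code
            warn "$note\n";             # report only; prepare() still runs
        }
        return;
    },
};

my $input = "O'Brien";   # constructed user input; the apostrophe is ordinary data

# 1. What the post describes: the value is interpolated into the statement.
#    The guard reports it, and the apostrophe becomes a syntax error whose
#    message (because of ShowErrorStatement) carries the whole statement.
my $rows = eval {
    my $sth = $dbh->prepare("SELECT id, name FROM users WHERE name = '$input'");
    $sth->execute;
    $sth->fetchall_arrayref;
};
if (my $err = $@) {
    # Keep the detailed text server-side; the page the user sees gets a generic line.
    print STDERR "db error: $err";
    print "Sorry, the request could not be processed.\n";
}

# 2. The fix: a placeholder. The guard stays quiet, the value is bound
#    separately, and the apostrophe can no longer alter the statement.
my $sth = $dbh->prepare('SELECT id, name FROM users WHERE name = ?');
$sth->execute($input);
my $found = $sth->fetchall_arrayref;
printf "placeholder query returned %d row(s)\n", scalar @$found;   # 0 rows: no such user, but no error
```

Run it once as is to see the warning and the logged error, then with `STRICT_SQL=1` to see the interpolated statement refused before it reaches the database. The heuristic will also flag legitimate constant literals (`WHERE active = 1`), so in a real code base it is a review aid to run under test, not a production gate.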
