On Tue, Feb 28, 2006 at 09:37:34AM -0500, Scott wrote:
> $dbh->do("insert into email
> (name, email, comments, host, agent) values
> ('$name', '$email', '$comment', '$ip', '$ua')");
Use placeholders:
$dbh->do("insert into email(name, email, comments, host, agent)
values (?,?,?,?,?)", undef, $name, $email, $comment, $ip, $ua);
Not using placeholders is like saying "I like SQL insertion attacks on
my application".
Your other option is DBI's quote method, but placeholders are less
hassle.
Tony
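The two approaches in the reply above, placeholders and DBI's quote method, written out as an added example that is not part of the original thread. It assumes DBD::SQLite is available (an in-memory database stands in for whatever the poster actually uses) and the form values are constructed; note that the comment contains a single quote, which is exactly what breaks an interpolated INSERT.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Added example, not from the thread: an in-memory SQLite database
# stands in for the poster's real database. Requires DBD::SQLite.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do("CREATE TABLE email (name TEXT, email TEXT, comments TEXT, host TEXT, agent TEXT)");

# Constructed form input. The comment holds a single quote, which would
# terminate the string literal if the values were interpolated into the SQL.
my %form = (
    name    => "O'Brien",
    email   => 'obrien@example.com',
    comment => "it's great'); -- ",
    ip      => '192.0.2.10',
    ua      => 'Mozilla/5.0',
);

# 1. Placeholders: the driver sends the values separately from the SQL text,
#    so quote characters in the data never alter the statement's meaning.
#    One '?' per column: five columns, five placeholders, five bind values.
my $sth = $dbh->prepare(
    "INSERT INTO email (name, email, comments, host, agent) VALUES (?, ?, ?, ?, ?)"
);
$sth->execute(@form{qw(name email comment ip ua)});

# 2. The quote method: DBI escapes the value and wraps it in quotes. This is
#    correct too, but every value must be quoted by hand, and it is easy to
#    miss one, which is why placeholders are the less error-prone choice.
my $sql = sprintf(
    "INSERT INTO email (name, email, comments, host, agent) VALUES (%s, %s, %s, %s, %s)",
    map { $dbh->quote($form{$_}) } qw(name email comment ip ua)
);
$dbh->do($sql);

# Both rows hold the comment text verbatim, quote and all.
my $rows = $dbh->selectall_arrayref("SELECT comments FROM email");
for my $row (@$rows) {
    print "stored: $row->[0]\n";
}
```

Running it prints the same comment text twice, unchanged; the interpolated form from the original post would instead have failed on the quote or, with a crafted comment, executed something other than the intended INSERT.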
_______________________________________________
Mason-users mailing list
https://lists.sourceforge.net/lists/listinfo/mason-users