On Thursday, March 12, 2020, Rob Sargent <robjsarg...@gmail.com> wrote:

>
> The example I saw for qq on the perl site
>
> print(qq(Welcome to GeeksForGeeks));
>
> doesn’t have any quotes in arg to qq
>

Correct.  It also says:

qq() operator in Perl <https://www.geeksforgeeks.org/introduction-to-perl/> can
be used in place of double quotes. It uses a set of parentheses to surround
the string.

> Try making the sql string without using qq
> my $select = “select....’” + $user + “‘;”;
> (or perhaps perl has a formatted string function like printf)
>

This is worse than using qq correctly.

The OP should (I think) be using a parameterized query instead of brute
force string manipulation since this code is prone to exploit.

David J.
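
The parameterized query recommended above, shown next to the concatenated form, as an added example that is not part of the original thread. It assumes Perl's DBI with DBD::SQLite installed; the `accounts` table, its rows and the `lookup_concat`/`lookup_bound` helpers are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database keeps this offline.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Hypothetical table and rows, constructed for this example.
$dbh->do("CREATE TABLE accounts (username TEXT PRIMARY KEY, email TEXT)");
my $ins = $dbh->prepare("INSERT INTO accounts (username, email) VALUES (?, ?)");
$ins->execute(@$_) for (["alice",   'alice@example.com'],
                        ["o'brien", 'obrien@example.com']);

# Concatenated form: the value becomes part of the SQL text, so a quote
# character in the value changes how the statement is parsed.
sub lookup_concat {
    my ($user) = @_;
    my $sql = qq(SELECT email FROM accounts WHERE username = ') . $user . qq(');
    my ($email) = eval { $dbh->selectrow_array($sql) };
    return $email if defined $email;
    return $@ ? "failed: statement did not parse" : "no row";
}

# Parameterized form: the SQL text is fixed and the value is bound to the
# placeholder, so it is always handled as data.
sub lookup_bound {
    my ($user) = @_;
    my $sth = $dbh->prepare("SELECT email FROM accounts WHERE username = ?");
    $sth->execute($user);
    my ($email) = $sth->fetchrow_array;
    $sth->finish;
    return defined $email ? $email : "no row";
}

# Compare both lookups for a plain name and for one containing an apostrophe.
for my $user ("alice", "o'brien") {
    printf "%-8s concat: %-32s bound: %s\n",
           $user, lookup_concat($user), lookup_bound($user);
}

$dbh->disconnect;
```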
