John S Brigham <[EMAIL PROTECTED]>
11/03/2003 10:34 AM
To: [EMAIL PROTECTED]
cc:
Subject: unable to make SELECT take variables
I need help.
I am working on a MySQL /Perl web site. I am teaching myself MySQL and
PERL and am making progress.
As an exe
Jeff is right both about not using tainted user data, and
about using placeholders. But I don't think tainted data
is causing the problem you're having - see below:
John S Brigham [EMAIL PROTECTED] wrote:
>
> I need help.
>
> I am working on a MySQL /Perl web site. I am teaching myself MySQL a
John S Brigham wrote:
$cty = ;
chomp $cty;
#then
...SELECT column from table where City = $cty #doesn't work.
And that's a good thing. $cty is tainted, that means that it comes from
a source that perl can't check and could therefore include all sorts of
harmful things. Read about t
I need help.
I am working on a MySQL /Perl web site. I am teaching myself MySQL and
PERL and am making progress.
As an exercise, I want to put my Mother's Christmas card list in a MySQL
database. I want to sort and print the mailing labels from the database.
This is all done in PERL.
The ma