Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re: What training do YOU need?

by John M. Dlugosz (Monsignor)
on Oct 21, 2002 at 17:07 UTC ( [id://206877]=note: print w/replies, xml ) Need Help??


in reply to What training do YOU need?

Hey, what about the rest of us? I'd love to hear why people are misusing DBI... too bad you're not writing a book chapter or online course so we could all join in!

Replies are listed 'Best First'.
Re: Re: What training do YOU need?
by runrig (Abbot) on Oct 21, 2002 at 18:30 UTC
    I'd love to hear why people are misusing DBI

    From previous experience...we had someone who wrote things like this:

    $sql = "select stuff from table where id = " . param('id');

    [download]
    I said we should be using placeholders here for security and efficiency (we were using Oracle which can really benefit from placeholders) but this person said placeholders didn't work. After some investigation (on my part) as to why they "didn't work", I found out that the 'id' parameter had a carriage return on the end of it, so placeholders didn't work in this particular instance (though with some /^(\d+)/ de-tainting they did work), so this this person avoided them everywhere instead of trying to figure out why they sometimes "didn't work." For similar reasons, he also avoided arrays, hash arrays, and other common idioms, but since his code "worked", no one ever questioned it.
[reply]
[d/l]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://206877]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having a coffee break in the Monastery: (5)
As of 2024-04-25 06:58 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found