PerlMonks
I'd also test that the arguments page/count/whatever don't contain any SQL injections.

E.g. if $count in this command
"SELECT * FROM your_table ORDER BY id LIMIT $offset, $count";
would contain
"15; update users set password='hacked';"
both statements will be executed:
"SELECT * FROM your_table ORDER BY id LIMIT 0, 15; update users set password='hacked';"

Since both count and offset should be numerical I'd do something like
$count =~ s/\D*//g
This will remove any nondigit character.

michael

In reply to Re^4: how to put links on the bottom of an image gallery
by misc
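
An added example, not part of the original post: it runs the substitution from the post next to a stricter check on constructed values for $count, so the difference between stripping characters and rejecting the whole value is visible. The helper names paging_int and gallery_query, the default of 15 and the caps are assumptions made for this illustration.

```perl
use strict;
use warnings;

# The substitution from the post: drop every non-digit character.
sub strip_non_digits {
    my ($raw) = @_;
    $raw = '' unless defined $raw;
    (my $clean = $raw) =~ s/\D*//g;
    return $clean;
}

# Hypothetical stricter helper (an assumption, not from the post): accept the
# value only if it is already 1-9 ASCII digits, else use the default; cap at $max.
# \z instead of $ also rejects a trailing newline.
sub paging_int {
    my ($raw, $default, $max) = @_;
    return $default unless defined $raw && $raw =~ /\A[0-9]{1,9}\z/;
    my $n = $raw + 0;
    return $n > $max ? $max : $n;
}

# Build the paging query from the post using validated integers only.
# The defaults (0, 15) and the caps are constructed values for this example.
sub gallery_query {
    my ($offset_raw, $count_raw) = @_;
    my $offset = paging_int($offset_raw, 0,  1_000_000);
    my $count  = paging_int($count_raw,  15, 100);
    return sprintf 'SELECT * FROM your_table ORDER BY id LIMIT %d, %d',
        $offset, $count;
}

# Constructed sample values for $count, including the one from the post.
my @counts = (
    '15',
    "15; update users set password='hacked';",
    '',        # stripping leaves an empty string, which breaks the LIMIT clause
    '1e9',     # stripping turns this into 19
    '-5',      # stripping turns this into 5
    '99999',   # all digits, but far more rows than a gallery page needs
);

for my $raw (@counts) {
    printf "%-42s stripped=%-8s query=%s\n",
        "'$raw'", "'" . strip_non_digits($raw) . "'", gallery_query(0, $raw);
}
```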