Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

by rhesa (Vicar)
on Jan 09, 2008 at 19:33 UTC ( [id://661470]=note: print w/replies, xml ) Need Help??


in reply to Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

Since I happened to be working on Windows for a client, I thought I'd check there.

Verified for MS Access and SQLServer (both 2000, I believe)

Driver versions: DBD::ODBC: 1.07 DBD::ADO: 2.84 Connected OK to ODBC:sqlservertest. Clear out existing data from the test table .. Add (44,Some benign text) to the test table .. Add (55,Just regular data) to the test table .. Add (66,Evil data');DELETE FROM jobs;) to the test table .. Dump out the result. '44', 'Some benign text' '55', 'Just regular data' '66', 'Evil data');DELETE FROM jobs;' 3 rows Connected OK to ADO:Provider=Microsoft.Jet.OLEDB.4.0;Data Source=d:/te +mp/msaccess2000test.mdb. Clear out existing data from the test table .. Add (44,Some benign text) to the test table .. Add (55,Just regular data) to the test table .. Add (66,Evil data');DELETE FROM jobs;) to the test table .. Dump out the result. 44, 'Some benign text' 55, 'Just regular data' 66, 'Evil data');DELETE FROM jobs;' 3 rows

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://661470]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others contemplating the Monastery: (5)
As of 2024-03-29 14:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found