    # Result class for the demo table `hash` (a DBIx::Class::Core subclass).
    # The `...` below elides the rest of the listing; what stays visible is seed
    # data for the table -- the rows ('bar', 'BAR') and ('baz', 123) -- ending
    # at the INIT marker.
    # NOTE(review): INIT looks like a here-document terminator, and the later
    # snippets report a count of 3, so at least one more INSERT is presumably in
    # the elided part -- confirm against the full post.
    package MyApp::Schema::Result::Hash;
    use base qw/DBIx::Class::Core/;
    ...
    INSERT INTO hash VALUES ('bar', 'BAR');
    INSERT INTO hash VALUES ('baz', 123);
    INIT
    
    # Connect and fetch the ResultSet for the demo table.
    my $schema = MyApp::Schema->connect(@DSN);
    my $hash   = $schema->resultset('Hash');
    ...
    # $evil_key is assigned in the elided part above. It is used here as a hash
    # KEY, i.e. in the position of a column name. The trace shows the value
    # ('foo') travelling as a bind parameter while the key is copied into the
    # statement text as-is, so the condition becomes "1 = 1" and the rest of the
    # WHERE clause is commented out. The count is therefore that of the whole
    # table, not of rows matching 'foo'.
    # Keys must never come from untrusted input unchecked: accept only names
    # from a fixed allow-list, e.g. those for which
    # $hash->result_source->has_column($name) is true.
    my $unquoted_count = $hash->search({ $evil_key => 'foo' })->count;
    say $unquoted_count;
    ##  executes: SELECT COUNT( * ) FROM hash me WHERE ( 1 = 1 ) -- = ? ): 'foo'
    ##  says 3
    
    # Switch on identifier quoting in the SQL generator. The whole key is now
    # emitted between double quotes, so the "--" inside it is no longer SQL
    # syntax and the query reports 0 instead of every row.
    # Wrapping is not escaping, though: a quote character inside the key is not
    # doubled, so a key that contains '"' can still end the identifier early.
    # quote_char on its own is not a defence against untrusted keys.
    my $sql_maker = $schema->storage->sql_maker;
    $sql_maker->quote_char('"');
    my $quoted_count = $hash->search({ $evil_key => 'foo' })->count;
    say $quoted_count;
    ##  executes: SELECT COUNT( * ) FROM "hash" "me" WHERE ( "1 = 1 ) --" = ? ): 'foo'
    ##  says 0
    
    # Same query, still with quote_char('"') in effect, but the key now carries
    # the quote character itself. The generator wraps the key in quotes without
    # doubling the embedded ones, so the first '"' inside the key closes the
    # identifier. The trace shows the condition "key" = "key" followed by a
    # comment marker, and the count is again that of the whole table.
    # Takeaway: identifier quoting that does not escape embedded quotes gives no
    # protection; validate keys against the known column list before they reach
    # search().
    my $evil_key2 = 'key" = "key" ) -- ';
    my $breakout_count = $hash->search({ $evil_key2 => 'foo' })->count;
    say $breakout_count;
    ##  executes: SELECT COUNT( * ) FROM "hash" "me" WHERE ( "key" = "key" ) -- " = ? ): 'foo'
    ##  says 3
    
    # Turn the generator's own quoting off and quote the key with the database
    # handle instead. DBI's quote_identifier doubles every embedded '"' (visible
    # in the trace as "key"" = ""key"" ...), so the key stays one identifier and
    # the query reports 0.
    # This makes the key inert as SQL syntax, but the caller still chooses which
    # identifier is queried. An allow-list of column names remains the stronger
    # control when the key originates outside the program.
    my $storage = $schema->storage;
    $storage->sql_maker->quote_char(undef);
    my $Q_evil_key2 = $storage->dbh->quote_identifier($evil_key2);
    my $escaped_count = $hash->search({ $Q_evil_key2 => 'foo' })->count;
    say $escaped_count;
    ##  executes: SELECT COUNT( * ) FROM hash me WHERE ( "key"" = ""key"" ) -- " = ? ): 'foo'
    ##  says 0