Re: Re3: Using-T and Untainting SQL

Very well put!

I can see why placeholders are very important. I have changed most of my code over to use placeholders. I have seen the light and under stand why it is important.

So there is no big push to use Taint? From what I have read, Taint can invlove a bit of work and cause disruptions if not set up properly.

Thanks

Comment on Re: Re3: Using-T and Untainting SQL

Replies are listed 'Best First'.
Re5: Using-T and Untainting SQL by PotPieMan (Hermit) on Apr 30, 2002 at 23:48 UTC
Taint mode makes your script as safe as possible because it makes you more paranoid about the data coming into your script. You should still put taint on your TO DO list, but you should be okay without it. This is, of course, assuming that you aren't making any system calls in your scripts (using backticks, system, exec, or any of the other means of calling an external file). Unfortunately, I couldn't find any good nodes on taint mode here, but I'll try and look some more. I did find the following: Taint Mode --PotPieMan	[reply]

Replies are listed 'Best First'.

Re5: Using-T and Untainting SQL
by PotPieMan (Hermit) on Apr 30, 2002 at 23:48 UTC

should

system

exec

Unfortunately, I couldn't find any good nodes on taint mode here, but I'll try and look some more. I did find the following:

Taint Mode

--PotPieMan

[reply]