in reply to Re: Can't pass email address in SQL select statement
in thread Can't pass email address in SQL select statement

If $address, presumably coming from user input, should happen to contain '; DELETE FROM username WHERE id > -1; ', what do you do?

The correct solution is to use placeholders (or if you feel like typing more code, DBI::quote), as the other posters pointed out.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

:(){ :|:&};:

Note: All code is untested, unless otherwise stated
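The difference between interpolating `$address` and binding it, as an added example that is not code from any poster in this thread. It assumes DBD::SQLite is installed and an `email` column on the `username` table; the rows are constructed, and the DBI quote method is called as `$dbh->quote`.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database so the script runs offline (assumes DBD::SQLite is installed).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Table name and id column are from the post; the email column is an assumption.
$dbh->do('CREATE TABLE username (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
my $ins = $dbh->prepare('INSERT INTO username (email) VALUES (?)');
$ins->execute($_) for ('alice@example.com', 'bob@example.com');   # constructed rows

# Inputs: an ordinary address, one with a legal apostrophe, and the string from the post.
my @inputs = (
    'alice@example.com',
    q{o'brien@example.com},
    q{'; DELETE FROM username WHERE id > -1; '},
);

# Placeholder form: the SQL text is fixed at prepare time, the value is bound separately.
my $sel = $dbh->prepare('SELECT id FROM username WHERE email = ?');

for my $address (@inputs) {
    # What string interpolation would hand to the database (built for display, never executed).
    my $interpolated = "SELECT id FROM username WHERE email = '$address'";

    # What $dbh->quote produces: the value escaped as a single SQL string literal.
    my $quoted = 'SELECT id FROM username WHERE email = ' . $dbh->quote($address);

    # The bound value is compared as data, whatever characters it contains.
    $sel->execute($address);
    my $ids = $sel->fetchall_arrayref;

    print "input:        $address\n";
    print "interpolated: $interpolated\n";
    print "quote():      $quoted\n";
    printf "placeholder:  %d row(s) matched\n\n", scalar @$ids;
}

# The table is checked after all three lookups have gone through the placeholder.
my ($remaining) = $dbh->selectrow_array('SELECT COUNT(*) FROM username');
print "rows left in username: $remaining\n";
$dbh->disconnect;
```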

Re: Re: Re: Can't pass email address in SQL select statement
by CountZero (Bishop) on Oct 20, 2003 at 18:58 UTC
    And use Taint-mode to guard against dangerous user input.

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law