Database queries?? I don't think so. If you're letting your user tell you what query you're going to run, you're asking for bankruptcy. I would never allow my users to construct queries through a Perl app. If they need to be constructing queries, give them SQL*Plus access. It has had 9 major revisions to get security and other issues correct. Plus, they'll be executing based on the roles they were granted, not the roles the application was granted.
Personally, I tell my users "Please choose from the following options" which I have supplied to them. I then combine those options according to a very flexible (but rigid) set of rules to construct the query on the fly.
As for message filtering ... you don't need to use eval, there, either. You use either dispatch or switch statements. Unless, of course, you like playing on the edge. I do something exactly like this in PDF::Template, in my <if> node. You get to indicate the LHS, RHS, and the operator. If I don't recognize the operator, then it's a numeric equality check. If you don't like that, tough. And, it's the same with the mathematical operators. You get the four basic ones. Anything else and I complain. Loudly.
You can never NEVER trust your users, even if it's just to keep them from typing 'rm -rf /' accidentally.
------
We are the carpenters and bricklayers of the Information Age.
Then there are Damian modules.... *sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon. - flyingmoose
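The "choose from the following options" query building and the dispatch-table operator check described above, as an added illustration that is not code from the original post or from PDF::Template; the hashes %COMPARE, %COLUMN and %SQL_OP, the functions compare and build_where, and the sample inputs are all constructed here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Whitelist of comparison operators, keyed by the token the user may submit.
# Each entry is a code ref that does the comparison, so no eval is needed.
my %COMPARE = (
    'eq' => sub { $_[0] eq $_[1] },
    'ne' => sub { $_[0] ne $_[1] },
    '==' => sub { $_[0] == $_[1] },
    '<'  => sub { $_[0] <  $_[1] },
    '>'  => sub { $_[0] >  $_[1] },
);

# Whitelisted SQL fragments: the user picks a key, never supplies SQL text.
# (Column names and operators are constructed examples.)
my %COLUMN = ( name => 'cust_name', balance => 'balance' );
my %SQL_OP = ( '==' => '=', 'eq' => '=', 'ne' => '<>', '<' => '<', '>' => '>' );

# Evaluate "LHS op RHS" via the dispatch table; an unknown operator is
# refused loudly rather than silently mapped to anything else.
sub compare {
    my ($lhs, $op, $rhs) = @_;
    my $code = $COMPARE{$op} or die "unsupported operator '$op'\n";
    return $code->($lhs, $rhs);
}

# Build a parameterised WHERE clause from user-chosen keys. The only free
# text (the value) is returned separately as a bind parameter for DBI's
# execute(), so it can never become part of the SQL statement itself.
sub build_where {
    my ($column_key, $op, $value) = @_;
    my $column = $COLUMN{$column_key} or die "unknown column '$column_key'\n";
    my $sql_op = $SQL_OP{$op}         or die "unsupported operator '$op'\n";
    return ("WHERE $column $sql_op ?", [$value]);
}

# Constructed hostile input: the value carries SQL text, but because it is
# bound rather than interpolated it is compared as a plain string.
my ($where, $binds) = build_where('balance', '>', "0; DROP TABLE accounts");
print "$where  binds=(@$binds)\n";

print compare(3, '<', 5) ? "3 < 5 is true\n" : "3 < 5 is false\n";

# An operator outside the whitelist is rejected instead of being run.
eval { compare(1, 'system', 2) };
print "rejected: $@" if $@;
```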