Hi,

Yes, knowing that it's insecure is no excuse, fix it!

Besides the fact that the connection data shouldn't be in the CGI script itself (it should be read from a configuration file), that it's better to use RaiseError so that you don't need to check every time if something went wrong in the last query, that you should use the CGI module for getting the parameters, etc... using that way of handling input will soon bring you to problems with SQL injection; see placeholders in the DBI module. Take a look at the code itself, because this while doesn't make much sense...

Regards,

fmerges at irc.freenode.net

In reply to Re: Not working in IIS and it is very Insecure by fmerges
in thread Not working in IIS and it is very Insecure by raviguhani
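The points raised in the reply above, put together as an added example (not code from the thread or from the original poster's script). It assumes the CGI and DBD::SQLite modules are installed; the `users` table, the config keys `dsn`/`user`/`password`, the `read_config` helper and the request value are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use DBI;
use File::Temp qw(tempfile);

# Read "key = value" pairs; connection data stays out of the CGI script.
sub read_config {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot read $path: $!";
    my %cfg;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        $cfg{$1} = $2 if $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/;
    }
    close $fh;
    return \%cfg;
}

# Constructed config file so the example runs offline (in-memory SQLite).
my ($tmp, $conf_path) = tempfile(UNLINK => 1);
print {$tmp} "# constructed sample\ndsn = dbi:SQLite:dbname=:memory:\nuser =\npassword =\n";
close $tmp;

my $q = CGI->new({ name => "O'Brien" });    # constructed request parameter
my $rows = eval {
    my $cfg = read_config($conf_path);
    # RaiseError: any DBI failure dies, so no per-call error checks are needed.
    my $dbh = DBI->connect(@{$cfg}{qw(dsn user password)},
        { RaiseError => 1, PrintError => 0 });
    # Constructed table and rows (hypothetical schema).
    $dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    $dbh->do('INSERT INTO users (name, email) VALUES (?, ?)', undef, @$_)
        for ["O'Brien", 'obrien@example.org'], ['alice', 'alice@example.org'];
    # The ? placeholder sends the value as data; it is never spliced into the SQL.
    $dbh->selectall_arrayref('SELECT id, email FROM users WHERE name = ?',
        { Slice => {} }, scalar $q->param('name'));
};
if (!$rows) {
    warn "database error: $@";    # detail goes to the server log only
    print $q->header(-status => '500 Internal Server Error', -type => 'text/plain'),
          "Internal error\n";
    exit;
}
print $q->header(-type => 'text/plain', -charset => 'utf-8');
print "$_->{id}\t$_->{email}\n" for @$rows;
```

The apostrophe in the constructed name would break a query built by string concatenation; with the placeholder it matches exactly one row.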
