in reply to CGI (in)security
Have a look at Re: Sessions, Perl and MySQL for some hints on working with databases. Although people are aware of SQL injection, it never ceases to astound me that possibly 50% of all online databases will dump themselves for you if you query for '%' or 'a%', 'b%', ... 'z%'. If you are going to allow searches using LIKE %<USER_INPUT>%, think about the results if you search for wildcards...
cheers
tachyon
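The wildcard dump tachyon describes, as an added example that is not part of the original post or thread. The thread is about Perl/DBI and MySQL; this example uses Python's standard-library sqlite3 so it runs stand-alone, but the two queries are the same SQL a DBI handle would prepare. The `users` table and its rows are constructed sample data. The naive search binds the parameter (so quote-based injection is blocked) yet still lets `%` and `_` act as wildcards; the hardened search escapes them with an ESCAPE clause, refuses an empty term, and caps the row count. MySQL treats backslash as the LIKE escape character by default, but writing the ESCAPE clause explicitly works on both engines.

```python
import sqlite3

# Constructed sample data standing in for a real online database.
# Assumption: the search box queries a "name" column.
SAMPLE_ROWS = [
    ("alice", "alice@example.org"),
    ("bob", "bob@example.org"),
    ("carol_smith", "carol@example.org"),
    ("100%real", "spam@example.org"),
]

LIKE_ESCAPE = "\\"  # escape character passed to ESCAPE '\'


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def search_naive(conn, term):
    """LIKE %<USER_INPUT>% with a bound parameter.

    Binding stops the classic quote-based injection, but LIKE still
    interprets % and _ inside the bound value, so a term of '%' (or
    'a%', 'b%', ...) walks the whole table out one page at a time.
    """
    cur = conn.execute(
        "SELECT name FROM users WHERE name LIKE ?", (f"%{term}%",)
    )
    return [row[0] for row in cur]


def escape_like(term, esc=LIKE_ESCAPE):
    """Escape the LIKE metacharacters so the user's text matches literally.

    The escape character itself is doubled first, otherwise a trailing
    backslash in the input would swallow the wildcard we append.
    """
    return (
        term.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def search_safe(conn, term, max_rows=50):
    """Same search with user wildcards neutralised and the result capped.

    An empty term would still match every row after escaping, so it is
    rejected outright; LIMIT bounds the damage if a filter is ever wrong.
    """
    if not term:
        raise ValueError("search term must not be empty")
    pattern = f"%{escape_like(term)}%"
    cur = conn.execute(
        "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' LIMIT ?",
        (pattern, max_rows),
    )
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = make_db()
    for probe in ("%", "_", "a%"):
        print(f"naive {probe!r}: {search_naive(db, probe)}")
        print(f"safe  {probe!r}: {search_safe(db, probe)}")
```

Running it shows `search_naive` returning every row for `%` and `_`, while `search_safe` returns only the rows that literally contain those characters. Escaping belongs on the application side because DBI placeholders, like sqlite3's, quote the value but do not know it is headed into a LIKE pattern.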
Re^2: CGI (in)security
by kiat (Vicar) on Jun 15, 2004 at 13:17 UTC