Re^3: Hacker Proofing My Script

in reply to Re^2: Hacker Proofing My Script
in thread Hacker Proofing My Script

jZed -

So you say if my database, which is mySQL 3.22.32, supports placeholders, then I don't have to worry if the DBD supports or emulates them?

Thanks
Adam

Comment on Re^3: Hacker Proofing My Script

Replies are listed 'Best First'.
Re^4: Hacker Proofing My Script by jZed (Prior) on Oct 04, 2004 at 21:13 UTC
I don't know a heck of a lot about MySQL, but according to gmax's excellent New twist for DBD::mysql, DBD::mysql currently does emulate placeholders but in such a way as to preserve security. I'd suggest reading his node for further details.	[reply]
Re^5: Hacker Proofing My Script by CountZero (Bishop) on Oct 04, 2004 at 22:24 UTC
It doesn't seem to be totally secure: As for LIMIT ?,?. The reason why it was not supported since 2.9002 is that it allowed for sql injection attacks, and it is not trivial to fix, in fact, I just scanned over Patrick's code and found a bug in the LIMIT handling code as can be read in Re: New twist for DBD::mysql. CountZero "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law	[reply]

In Section Seekers of Perl Wisdom