in reply to encoding to prevent sql injection in both perl and php

Given that you seem to be talking about binary values, what are you storing?

The sqlite_escape_string() function probably does much the same as the quote method in DBI, which of course is really surplanted by using placeholders.

If you need true binary capability then MIME::Base64 is probably as good as anything. But it seems you really only want escaped values. Try writing the escaped version into SQLite and see what DBI reads back!

jdtoronto

  • Comment on Re: encoding to prevent sql injection in both perl and php

Replies are listed 'Best First'.
Re^2: encoding to prevent sql injection in both perl and php
by mandog (Curate) on Aug 24, 2006 at 21:44 UTC

    I'm storing text, name, address, phone, etc, plus whatever null bytes and other naughtiness the world gives me. I do just need to escape stuff, but I need (want?) to do it in a consistant, documented, predictable way.

    I am loath to just try it, as the effort of using MIME encoding is less than the effort of developing a validation suite. :->

[reply]

In Section Seekers of Perl Wisdom