My DB taint options are: Taint => 0, TaintIn => 1, TaintOut => 0,

It works for me, I mean I get the error about insecure dependency.

#!/usr/bin/perl -T

use strict;
use warnings;
use DBI;
use CGI;
use Data::Dumper;

my $cgi = CGI->new;
print $cgi->header(-type => 'text/plain');

my $dbh = DBI->connect(qw(dbi:mysql:test user pass), {RaiseError=>1, T
+aint=>0, TaintIn=>1, TaintOut=>0});
my $id;
($id = $cgi->param('id')) ? get_user() : normal_page();

sub get_user {
    my $sth = $dbh->prepare('select * from user where id = ?');
    #($id) = $id =~ /^(\d+)$/;
    $sth->execute($id);
    my $user = $sth->fetchrow_hashref;
    $sth->finish;
    die "There's no such user id ($id)\n" unless defined $user;
    print Dumper($user);
}

sub normal_page {
    print 'Hello there';
}
[download]

And I got this from the error log when calling user.cgi?id=1:

Insecure dependency in parameter 1 of DBI::st=HASH(0x8265f88)->execute
+ method call while running with -T switch at /path/to/user.cgi line 2
+0.
[download]

If I uncomment the untainting line, I got this on the browser (as found in the table):

$VAR1 = {
          'pass' => 'perl',
          'location' => undef,
          'name' => 'perl',
          'id' => '1'
        };
[download]

---

Open source softwares? Share and enjoy. Make profit from them if you can. Yet, share and enjoy!

Are you sure you're not untainting somehow (eg with a regex)? Can you present a small CGI program which demonstrates the problem?

Clint

Deep within a module I am using I found this code lurking: # Untaint all ENV variables foreach ( keys %ENV ) { $ENV{$_} =~ m/(.*)/; $ENV{$_} = $1; } So it looks like I'm untainting QUERY_STRING, which would be my problem. Thanks for your help pointing me in the right direction.