in reply to Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

Ran your code for an Oracle 10g and got the same results. 
my $dbh =  DBI->connect('dbi:Oracle:', 'usr/pass@service_name', '') or
+ die DBI->errstr;

 ....

Connected OK to Oracle.
Clear out existing data from the test table ..
Add (44,Some benign text) to the test table ..
Add (55,Just regular data) to the test table ..
Add (66,Evil data');DELETE FROM jobs;) to the test table ..
Dump out the result.
'44', 'Some benign text'
'55', 'Just regular data'
'66', 'Evil data');DELETE FROM jobs;'
3 rows

[download]
  • Comment on Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
  • Download Code

Replies are listed 'Best First'.
Re^2: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
by talexb (Chancellor) on Jan 09, 2008 at 18:53 UTC

    Excellent!!! Thanks for doing that. Anyone else?

    Alex / talexb / Toronto

    "Groklaw is the open-source mentality applied to legal research" ~ Linus Torvalds

[reply]

In Section Meditations