in reply to Re^2: untainting or encoding for shelled sqlplus update
in thread untainting or encoding for shelled sqlplus update

quote and quote_identifier are both database handle methods.

They have to be, because escaping is handled differently in the various DBs out there. But it's the only safe method that I know of, which is why I recommend it, and recommend refactoring as much as possible at the same time.

If you know another secure method, feel free to offer it.
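As an added illustration (not code from this thread), here is the refactoring being recommended: an UPDATE built through a DBI handle's quote and quote_identifier, and the same statement with placeholders, instead of interpolating user input into a string handed to sqlplus. It assumes DBD::SQLite is installed so it runs offline; the input string is constructed for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available. With DBD::Oracle the same handle
# methods apply; the quoting rules come from the driver and the database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->do(q{INSERT INTO staff (id, name) VALUES (1, 'alice')});

# Constructed untrusted input, as it might arrive from a form or @ARGV.
my $new_name = "O'Brien' OR 1=1 --";
my $column   = 'name';

# Unsafe: raw interpolation lets the quote in the value end the literal.
my $unsafe_sql = "UPDATE staff SET $column = '$new_name' WHERE id = 1";
print "unsafe: $unsafe_sql\n";

# Safe: the handle escapes the value and the identifier for this database
# (quote doubles the embedded single quote, quote_identifier wraps the name).
my $safe_sql = sprintf 'UPDATE staff SET %s = %s WHERE id = 1',
    $dbh->quote_identifier($column), $dbh->quote($new_name);
print "safe:   $safe_sql\n";
$dbh->do($safe_sql);

# Safer still: placeholders keep the value out of the SQL text entirely;
# quote_identifier is still needed for the column name, which cannot be bound.
my $sth = $dbh->prepare(sprintf 'UPDATE staff SET %s = ? WHERE id = ?',
    $dbh->quote_identifier($column));
$sth->execute($new_name, 1);

# The stored value is the literal string, embedded quote and all.
my ($stored) = $dbh->selectrow_array('SELECT name FROM staff WHERE id = 1');
print "stored: $stored\n";
$dbh->disconnect;
```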


Re^4: untainting or encoding for shelled sqlplus update
by ikegami (Patriarch) on May 15, 2008 at 19:26 UTC

    They have to be, because escaping is handled differently in the various DBs out there

    If that was it, they'd be database driver handle methods instead of database handle methods.

    Relevant information such as the character encoding can be specific to the actual database, not just to the database driver.