in reply to Re^4: untainting or encoding for shelled sqlplus update
in thread untainting or encoding for shelled sqlplus update

I've been looking at Interpolate. How would that take care of bad characters in $bar in your example?


#my sig used to say 'I humbly seek wisdom. '. Now it says:
use strict;
use warnings;
I humbly seek wisdom.

Re^6: untainting or encoding for shelled sqlplus update
by runrig (Abbot) on May 15, 2008 at 21:28 UTC
    Start with what Herkum suggests above. Make one database handle. But then create a function that (maybe untaints the data and then) calls $dbh->quote() on its argument and returns the results, then use Interpolate to tie a hash to that function. Or, don't use DBI, and just wing it to create your own escaping function.
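A sketch of the tied-hash approach runrig describes, as an added example that is not code from this thread, from DBI or from the Interpolate module: a plain `tie` with TIEHASH/FETCH stands in for Interpolate, an allowlist regex does the untainting, and a hand-written quoting sub stands in for `$dbh->quote()` (a database handle is assumed but not created here).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Tied hash whose FETCH runs each key through a quoting coderef, so
# "... SET name = $Q{$user}" calls the quoting function inline.
package QuoteHash;
sub TIEHASH { my ($class, $code) = @_; return bless { code => $code }, $class }
sub FETCH   { my ($self, $key) = @_; return $self->{code}->($key) }

package main;

# Untaint by allowlist: accept only what the column is expected to hold
# (letters, digits, space, dot, dash, underscore, apostrophe) and die on
# anything else. A regex capture is how Perl's -T mode untaints, and the
# allowlist also keeps shell metacharacters (; | ` $ &) out of any text
# that is later handed to sqlplus on a command line.
sub untaint {
    my ($value) = @_;
    my ($clean) = $value =~ /\A([\w .'-]*)\z/
        or die "refused unexpected characters in input\n";
    return $clean;
}

# The "wing it" option: wrap in single quotes and double any embedded
# single quote. With a DBI handle, $dbh->quote($clean) does this job
# (hypothetical here; no connection is opened in this example).
sub quote_for_sql {
    my ($value) = @_;
    my $clean = untaint($value);
    $clean =~ s/'/''/g;
    return "'$clean'";
}

tie my %Q, 'QuoteHash', \&quote_for_sql;

my $bar = "O'Brien";    # constructed sample input
my $sql = "UPDATE emp SET name = $Q{$bar} WHERE id = 42;";
print "$sql\n";
```

Swap `\&quote_for_sql` for `sub { $dbh->quote(untaint($_[0])) }` once a real `$dbh` exists; the tied hash and the interpolation syntax stay the same.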