in reply to Re^3: eval dilema
in thread eval dilema

Yes, sorry, no eval in C; I was thinking of preprocessor expansion.

I don't think using eval is that bad an idea; all the vars are in scope. And what do you mean by 'unfiltered input'?

Think about it as an advanced search, similar to what you can find on almost any website. The SELECT query you're constructing varies depending on the options the user chose, and so does the $sth->execute argument list.

Re^5: eval dilema
by Corion (Patriarch) on Jul 14, 2008 at 11:10 UTC

    If the user enters `system -rf /` into your program, or `Robert'); DROP TABLE Students; --`, you will get problems, depending on how exactly you're accepting the user input. You most likely want to read up on DBI placeholders. eval is the wrong tool for this.

    If you need to dynamically construct a query with varying expressions, you should still use DBI placeholders instead of trying to use eval or string interpolation or string concatenation.

      OK, don't you think that if you're evaluating the argument list for $sth->execute() you must have already used placeholders?
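The "advanced search" case from this thread, done the way Corion suggests, as an added example that is not code from either poster: the option keys the user may send are checked against a fixed whitelist, each chosen option contributes one `col op ?` fragment to the WHERE clause, and every user-typed value goes into the bind list handed to `execute()`. No `eval`, and no user string ever becomes part of the SQL text. The `students` table, its columns, the `%SEARCHABLE` map and the form submissions are constructed for the example; it assumes DBI and DBD::SQLite are installed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# Whitelist of searchable form options (constructed for this example).
# Only the 'col' and 'op' strings from this table ever reach the SQL text;
# whatever the user typed goes into @bind and is passed to execute().
my %SEARCHABLE = (
    name    => { col => 'name',  op => 'LIKE' },
    email   => { col => 'email', op => '='    },
    min_age => { col => 'age',   op => '>='   },
    max_age => { col => 'age',   op => '<='   },
);

# Build the SELECT plus the matching bind list from a hash of form options.
# Unknown option names are ignored rather than interpolated.
sub build_search {
    my ($opts) = @_;
    my (@where, @bind);
    for my $key (sort keys %$opts) {            # sorted so the SQL is deterministic
        my $rule = $SEARCHABLE{$key} or next;   # not a known option: drop it
        my $val  = $opts->{$key};
        next unless defined $val && length $val; # blank form field: no condition
        $val = "%$val%" if $rule->{op} eq 'LIKE'; # wildcard lives in the value, not the SQL
        push @where, "$rule->{col} $rule->{op} ?";
        push @bind,  $val;
    }
    my $sql = 'SELECT id, name, email, age FROM students';
    $sql .= ' WHERE ' . join(' AND ', @where) if @where;
    $sql .= ' ORDER BY id';
    return ($sql, @bind);
}

# In-memory SQLite database with a few constructed rows.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, email TEXT, age INTEGER)');
my $ins = $dbh->prepare('INSERT INTO students (name, email, age) VALUES (?, ?, ?)');
$ins->execute(@$_) for (
    [ 'Alice',  'alice@example.com', 21 ],
    [ 'Robert', 'bob@example.com',   34 ],
    [ 'Carol',  'carol@example.com', 28 ],
);

# Constructed form submissions: one ordinary search, one carrying the
# injection string Corion quoted, one with an option name we never defined.
for my $form (
    { name => 'o', min_age => 25 },
    { name => "Robert'); DROP TABLE students; --" },
    { bogus => '1 OR 1=1' },
) {
    my ($sql, @bind) = build_search($form);
    print "SQL:  $sql\nBIND: [@bind]\n";
    my $sth = $dbh->prepare($sql);
    $sth->execute(@bind);                    # values bound, never concatenated
    while (my $row = $sth->fetchrow_hashref) {
        print "  -> $row->{id} $row->{name} ($row->{age})\n";
    }
}

# The hostile value was just a LIKE pattern; the table is still there.
my ($count) = $dbh->selectrow_array('SELECT COUNT(*) FROM students');
print "rows remaining: $count\n";
```

The second submission matches no rows and the third returns every row (its unknown option is silently dropped, so the query has no WHERE clause); in both cases the table survives, because the only things that shape the SQL string are the whitelisted column names and operators. If the search form also needs user-chosen sort columns or LIMIT values, whitelist those the same way rather than interpolating them, since placeholders cannot be used for identifiers.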