Re^4: Removing malicious HTML entities (now with more questions!)

"If you are entering anything into a db then you might want to SQL-escape it too so that people can't hijack your database"

By using placeholders, right?

I'm so adjective, I verb nouns!

chomp; # nom nom nom

Comment on Re^4: Removing malicious HTML entities (now with more questions!)

Replies are listed 'Best First'.
Re^5: Removing malicious HTML entities (now with more questions!) by LesleyB (Friar) on Aug 18, 2008 at 10:56 UTC
What are placeholders in DBI, and why would I want to use them? doesn't seem to indicate that the fields are escaped in any way ... but they might be. You might want to read this and read the docs on `$dbh->prepare()` and `$dbh->quote()`	[reply] [d/l] [select]