Re: is this script secured enough from internet attacks

The antiInjection sub is bullshit. The real way to prevent SQL injections is to use prepared statements and placeholders, instead of disallowing use of some SQL keywords in data.

The checks for "forbidden characters" in the params depends on what you want to do with them eventually, so there's no way for us to assess if it's secure for your use case.

Perl 6 - second systems done right

Comment on Re: is this script secured enough from internet attacks Download Code

Replies are listed 'Best First'.
Re^2: is this script secured enough from internet attacks by tercoz (Acolyte) on Jun 17, 2011 at 08:31 UTC
Thank you, I shall remove that sub. As I am new here I don't know how to give points, I want to thank you and other people for helping me(points), which way can i do so7	[reply]
Re^3: is this script secured enough from internet attacks by Sewi (Friar) on Jun 17, 2011 at 19:24 UTC
Prepared statements and placeholders don't always work as expected (for example FreeTDS has problems there). unpack could cover all injection attempts: `'INSERT INTO foo(bar) VALUES(0x'.unpack('H*',$value).')'` [download]	[reply] [d/l]
Re^4: is this script secured enough from internet attacks by Discipulus (Canon) on Jun 27, 2011 at 13:09 UTC
how does this unpack H* insert into work? there are no rules, there are no thumbs..	[reply] [d/l]
Re^5: is this script secured enough from internet attacks by Anonymous Monk on Jun 27, 2011 at 13:20 UTC