in reply to Re: is this script secured enough from internet attacks
in thread is this script secured enough from internet attacks

Thank you, I shall remove that sub. As I am new here I don't know how to give points. I want to thank you and the other people for helping me (points); which way can I do so?

Replies are listed 'Best First'.
Re^3: is this script secured enough from internet attacks
by Sewi (Friar) on Jun 17, 2011 at 19:24 UTC

    Prepared statements and placeholders don't always work as expected (for example FreeTDS has problems there).

    unpack could cover all injection attempts:

    'INSERT INTO foo(bar) VALUES(0x'.unpack('H*',$value).')'


      how does this unpack H* insert into work?
      there are no rules, there are no thumbs..
        Hex encoded data is [0-9A-F]
        $ perl -e " print unpack q[H*], join q[],@ARGV " 1 "<" 3 " Foo"
        313c3320466f6f
        $ perl -e " print pack q[H*], join q[],@ARGV " 313c3320466f6f
        1<3 Foo
        I doubt the pack tradeoff is preferable as a workaround for a problem in FreeTDS (which I doubt exists)
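
For the question above about how the `unpack('H*', ...)` INSERT works, here is an added example (not code from any poster in this thread): it hex-encodes constructed sample values and checks that only hex digits ever reach the SQL text. The helper name `sql_hex_literal`, the UTF-8 encoding step and the handling of empty and undefined values are assumptions of this example, as is a server dialect that accepts `0x...` literals.

```perl
use strict;
use warnings;
use Encode qw(encode);

# Hypothetical helper: turn a Perl value into a 0x... hex literal for SQL.
# Assumes the target dialect accepts 0x literals and treats them as binary data.
sub sql_hex_literal {
    my ($value) = @_;
    return 'NULL' unless defined $value;

    # unpack 'H*' operates on bytes, so encode character strings first
    # (UTF-8 is an assumption; use whatever encoding the column expects).
    my $bytes = encode('UTF-8', $value);

    # A bare "0x" with no digits is assumed not to be portable,
    # so the empty string is emitted as an empty quoted literal instead.
    return q{''} if $bytes eq '';

    my $hex = unpack 'H*', $bytes;

    # The property the technique relies on: nothing but hex digits follows
    # "0x", so quotes or comment markers in $value cannot end the literal.
    die "unexpected character in hex output\n"
        unless $hex =~ /\A[0-9a-f]+\z/;

    return '0x' . $hex;
}

# Constructed sample values: plain text, quotes, comment markers,
# an empty string, a non-ASCII character and an undefined value.
my @samples = ("1<3 Foo", "O'Reilly", "x'); -- ", "", "caf\x{e9}", undef);

for my $value (@samples) {
    my $shown = defined $value ? encode('UTF-8', $value) : 'undef';
    printf "%-12s => INSERT INTO foo(bar) VALUES(%s)\n",
        "[$shown]", sql_hex_literal($value);
}
```

The first sample produces `0x313c3320466f6f`, matching the command-line session above. Because the server receives a binary literal rather than a character string, type conversion and character-set handling on insert depend on the database in use.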