in reply to Re^2: is this script secured enough from internet attacks
in thread is this script secured enough from internet attacks

Prepared statements and placeholders don't always work as expected (for example FreeTDS has problems there).

unpack could cover all injection attempts:

'INSERT INTO foo(bar) VALUES(0x'.unpack('H*',$value).')'

Re^4: is this script secured enough from internet attacks
by Discipulus (Canon) on Jun 27, 2011 at 13:09 UTC

    How does this unpack H* INSERT INTO work?
    there are no rules, there are no thumbs..
      Hex encoded data is [0-9A-F]
      $ perl -e " print unpack q[H*], join q[],@ARGV " 1 "<" 3 " Foo"
      313c3320466f6f
      $ perl -e " print pack q[H*], join q[],@ARGV " 313c3320466f6f
      1<3 Foo
      I doubt the pack tradeoff is preferable as a workaround for a problem in FreeTDS (which I doubt exists)
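
The hex-literal construction discussed in this thread, as an added example that is not code from any of the posters: it wraps the `unpack('H*', ...)` expression in a helper, checks that only hex digits reach the SQL text, and round-trips the value with `pack`. The helper name `hex_literal`, the sample values, the UTF-8 encoding step and the empty-string handling are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(encode decode);

# Hypothetical helper (not from the thread): turn a Perl string into a SQL
# hex literal such as 0x313c33. After the 0x prefix the result contains only
# [0-9a-f], so no quote or comment character from the value reaches the SQL.
sub hex_literal {
    my ($value) = @_;
    die "undef has no hex form; emit NULL explicitly\n" unless defined $value;
    # unpack 'H*' works on bytes, so encode characters above 0xFF first.
    my $bytes = encode('UTF-8', $value);
    # Assumption: a bare "0x" is not accepted by every database, so the
    # empty string is written as an ordinary empty string literal.
    return q{''} if $bytes eq '';
    return '0x' . unpack('H*', $bytes);
}

# Constructed sample values, including quote and comment characters,
# non-ASCII text and the empty string.
my @samples = ('1<3 Foo', "O'Reilly", "x'); DROP TABLE foo; --",
               "caf\x{e9} \x{263a}", '');

for my $value (@samples) {
    my $literal = hex_literal($value);

    # Defensive check: refuse anything that is not pure hex (or '').
    die "unexpected character in $literal\n"
        unless $literal =~ /\A(?:0x(?:[0-9a-f]{2})+|'')\z/;

    # Round trip: pack 'H*' restores the bytes that were encoded.
    my $back = $literal eq q{''}
        ? ''
        : decode('UTF-8', pack('H*', substr($literal, 2)));
    die "round trip failed for $literal\n" unless $back eq $value;

    print "INSERT INTO foo(bar) VALUES($literal)\n";
}
```

The literal is a binary constant, so how it is converted to a character column depends on the database.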