Steve Marvell wrote:

> Let's hope $variable doesn't become something like ...
>
> sponge'; drop database blah;
>
> ... shall we :)

I believe (at least for most database drivers) that the Perl DBI module only allows one statement per statement handle. Thus you have to be more imaginative in the SQL you inject into Perl scripts. Using a sub-clause to rip information from user/password tables or calling procedures are the usual methods (so I'm told). But don't worry, the bad guys are really good at that sort of thing.

> Passing variables through the execute process is very very safe. It
> quotes, escapes and is rather splendid all round.

... and can be faster. It will be faster if you do the same query repeatedly.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
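The two points in the reply (one statement per execute, and a value bound through execute being inert) side by side, as an added example that is not part of the original thread. It uses Python's standard sqlite3 module as a stand-alone analog of DBI's prepare/execute with placeholders; the in-memory database, the `widgets` and `users` tables and all values are constructed for the demonstration.

```python
import sqlite3


def setup_db():
    """Constructed in-memory database: a lookup table plus a credentials table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE widgets (id INTEGER, label TEXT);
        INSERT INTO widgets VALUES (1, 'sponge');
        CREATE TABLE users (name TEXT, password TEXT);
        INSERT INTO users VALUES ('alice', 's3cret'), ('bob', 'hunter2');
    """)
    return conn


def lookup_interpolated(conn, variable):
    """Vulnerable form: $variable spliced into the SQL text, as in the quoted post."""
    sql = f"SELECT label FROM widgets WHERE label = '{variable}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, variable):
    """Hardened form: a placeholder; the driver sends the value, never parses it as SQL."""
    sql = "SELECT label FROM widgets WHERE label = ?"
    return [row[0] for row in conn.execute(sql, (variable,))]


def demo():
    conn = setup_db()
    # The stacked-statement attempt from the thread. Like DBI's one statement per
    # handle, sqlite3's execute() refuses a second statement in the same string
    # (older Pythons raise sqlite3.Warning, newer ones ProgrammingError).
    stacked = "sponge'; DROP TABLE widgets; --"
    try:
        lookup_interpolated(conn, stacked)
        stacked_outcome = "executed"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        stacked_outcome = "rejected"
    # The single-statement sub-clause the reply alludes to still pulls the
    # credentials table out through interpolation ...
    subclause = "x' UNION SELECT name || ':' || password FROM users --"
    leaked = sorted(lookup_interpolated(conn, subclause))
    # ... while the bound query just looks for a label equal to that odd string.
    bound = lookup_bound(conn, subclause)
    return {"stacked": stacked_outcome, "leaked": leaked, "bound": bound}


if __name__ == "__main__":
    print(demo())
```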