DCPM: CGI and Database sanitising

Matthew Browning mb at matthewb.org
Wed Oct 29 11:53:32 CST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 17 October 2003 18:47, Simon Waters wrote:
> Matthew Browning wrote:
> > On Thursday 16 October 2003 20:41, Simon Waters wrote:
> >>What ways do people use to sanitize data from tainted CGI data
> >
> > Use of placeholders protects you from this kind of thing.  We are
> > also religiously checking untrusted user input with regexes.  There
> > is also this CGI::Untaint module:
> >
> > http://search.cpan.org/~tmtm/CGI-Untaint-1.00/lib/CGI/Untaint.pm
>

Nothing mind-blowing but Simon Cozens has recently written an article 
for perl.com which touches on the subject of placeholders and best 
practice with DBI/DBD:

http://www.perl.com/lpt/a/2003/10/23/databases.html

Received wisdom is that there's really only one way to do it ;)

MB

- -- 
http://matthewb.org/public_key.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/n/6cy5o0lRFL2ooRAiMYAKDTvz1k/qZCyFg7+uAZQ2jmQKhYNQCfYR/U
X9wavJD5WLKMaA7VqcAYyj8=
=NQ7l
-----END PGP SIGNATURE-----
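The point of the thread, as an added example that is not code from the original post or from the perl.com article: the same lookup done by interpolating a CGI parameter into the SQL, by binding it through a DBI placeholder, and with a whitelist regex of the kind the message mentions. It assumes DBD::SQLite is installed (an in-memory database is used so it runs offline); the table, the rows and the hostile input are constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed in-memory database; assumes DBD::SQLite is available.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do('CREATE TABLE users (username TEXT, email TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
$ins->execute(@$_) for ( ['alice', 'alice@example.org'],
                         ['bob',   'bob@example.org'] );

# A value as it might arrive in a CGI parameter (constructed for the example).
my $tainted = q{x' OR '1'='1};

# 1. Interpolation: the quote in the input closes the string literal and the
#    rest of the value becomes part of the WHERE clause.
sub lookup_interpolated {
    my ($dbh, $user) = @_;
    my $sql = "SELECT email FROM users WHERE username = '$user'";
    return $dbh->selectcol_arrayref($sql);
}

# 2. Placeholder: the SQL is fixed at prepare() time and the value is bound
#    as data by execute(), so it is never parsed as SQL.
sub lookup_placeholder {
    my ($dbh, $user) = @_;
    my $sth = $dbh->prepare('SELECT email FROM users WHERE username = ?');
    $sth->execute($user);
    return $dbh->selectcol_arrayref('SELECT email FROM users WHERE username = ?',
                                    undef, $user);
}

# 3. Whitelist regex on the untrusted value: only a match passes, and under
#    perl -T the captured group is what untaints the data.
sub untaint_username {
    my ($raw) = @_;
    my ($clean) = $raw =~ /\A([A-Za-z0-9_]{1,32})\z/
        or die "rejected username\n";
    return $clean;
}

my $leaked = lookup_interpolated($dbh, $tainted);
printf "interpolated: %d row(s) (every user's email comes back)\n", scalar @$leaked;

my $safe = lookup_placeholder($dbh, $tainted);
printf "placeholder:  %d row(s)\n", scalar @$safe;

eval { untaint_username($tainted) };
print "regex:        $@" if $@;
print "regex:        '", untaint_username('alice'), "' accepted\n";
```

Run it with plain `perl`; the interpolated query returns both rows, the placeholder query returns none, and the regex rejects the hostile value while accepting `alice`. Note that the regex is a second line of defence for format and length, not a substitute for the placeholder: a name that passes `^\w+$` is still bound, never interpolated.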


