[Omaha.pm] Database -> XML
jay at jays.net
Fri Apr 20 14:15:58 PDT 2007
On Apr 16, 2007, at 1:20 AM, George Neill wrote:
> Does Omni::DB take care of cleansing $prop from injections and such?
No, it doesn't. But that's an excellent concern to raise.
$prop (aka property aka hotel) is just hard-coded in my program source
code for now. Later it will be in a loop controlled by the database
(our "hotels" table has one row per hotel and prop is a key).
If I was ever going to accept $prop as input from the outside I'd (1)
sanitize it with a regex, (2) make sure it was in a DBI placeholder,
not just running loose in an SQL string, and (3) use Perl's taint mode.
... err: confession: I never use Perl's taint mode. But at least I'm
aware that I probably should. Does that count? :)
> I think your code below is simple enough and would be easy to maintain
> for a handful of tables.
Ya. I like it. Obviously it gets uglier as the table joins get uglier
and/or the mapping needs to be nested/regrouped/etc, but I think the
final result is as pretty as its going to be in any language. :)
More information about the Omaha-pm