
General: Perl Programming: Re: [Chaz] perl with mysql (join suggestion ): Edit Log

Here is the list of edits for this post
Re: [Chaz] perl with mysql (join suggestion )
How can they possibly do it with code like

$name = $form->param('name');
$city = $form->param('city');

$sql_data = "id = '$id'";

if ($name ne '') {
    $sql_data .= " AND name = '$name'";
}

if ($city ne '') {
    $sql_data .= " AND city = '$city'";
}

# and so on
$sql = "SELECT * FROM users WHERE $sql_data ORDER BY name";

I think if they insert a ; into one of those values, it would be disregarded as a command.

Won't it?

Last edited by:

NamedRisk: Jul 13, 2005, 9:38 PM
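
The query construction from the post above, next to the same query built with placeholders, as an added example that is not part of the original post. The input values, `$id`, and the two function names are constructed for illustration; the `$dbh` handle in the closing comment is assumed and not created here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed form input; the city value contains a single quote.
my %form = (name => 'Alice', city => "x' OR '1'='1");
my $id   = 42;    # constructed value

# Interpolated form, as in the post: values become part of the SQL text.
sub build_interpolated {
    my ($id, $form) = @_;
    my $where = "id = '$id'";
    for my $col (qw(name city)) {
        my $v = $form->{$col};
        $where .= " AND $col = '$v'" if defined $v && $v ne '';
    }
    return "SELECT * FROM users WHERE $where ORDER BY name";
}

# Placeholder form: the SQL text holds only fixed column names and '?';
# the values travel separately in @bind and are never parsed as SQL.
sub build_placeholders {
    my ($id, $form) = @_;
    my @where = ('id = ?');
    my @bind  = ($id);
    for my $col (qw(name city)) {
        my $v = $form->{$col};
        next unless defined $v && $v ne '';
        push @where, "$col = ?";
        push @bind,  $v;
    }
    my $sql = 'SELECT * FROM users WHERE '
            . join(' AND ', @where) . ' ORDER BY name';
    return ($sql, @bind);
}

print "interpolated: ", build_interpolated($id, \%form), "\n";
my ($sql, @bind) = build_placeholders($id, \%form);
print "placeholders: $sql\n";
print "bind values:  ", join(' | ', @bind), "\n";

# With a DBI handle $dbh (assumed, not created here):
#   my $sth = $dbh->prepare($sql);
#   $sth->execute(@bind);
```

In the interpolated output the quote inside the city value ends the string literal, so the text after it is parsed as part of the WHERE clause; in the placeholder form the statement text is identical for any input.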
