Full Disclosure mailing list archives
Re: Question: is this exploitable?
From: merlyn () stonehenge com (Randal L. Schwartz)
Date: 18 Oct 2003 07:16:13 -0700
"Paulo" == Paulo Pereira <pjp () paulo-pereira net> writes:
Paulo> $sth = $dbh->prepare("insert into projects values(null,\"$project\")");

This clearly should have been:

    my $sth = $dbh->prepare("insert into projects values(null, ?)");
    $sth->execute($project);

which will Do The Right Thing.

Placeholders, people. Placeholders.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn () stonehenge com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
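The difference between the two statements in the message above, as an added example that is not part of the original post or the poster's code. It uses Python's sqlite3 module (same "?" placeholder syntax) instead of Perl DBI so it runs without a database server. The table layout, function names and sample values are constructed for illustration, and the interpolated form uses single quotes, the standard SQL string delimiter.

```python
import sqlite3

def make_db():
    # Assumed schema: an auto-assigned id plus the project name.
    db = sqlite3.connect(":memory:")
    db.execute("create table projects (id integer primary key, name text)")
    return db

def insert_interpolated(db, project):
    # Same pattern as the quoted code: the value becomes part of the SQL text,
    # so the database parses it as SQL.
    db.execute("insert into projects values(null, '%s')" % project)

def insert_placeholder(db, project):
    # Same pattern as the corrected code: the SQL text is fixed and the value
    # is bound separately, so it is only ever treated as data.
    db.execute("insert into projects values(null, ?)", (project,))

def stored_names(db):
    return [row[0] for row in db.execute("select name from projects order by id")]

def compare(project):
    """Return (interpolated outcome, placeholder outcome) for one input value."""
    outcomes = []
    for insert in (insert_interpolated, insert_placeholder):
        db = make_db()
        try:
            insert(db, project)
            outcomes.append(stored_names(db))
        except sqlite3.Error as exc:
            outcomes.append("error: " + type(exc).__name__)
        finally:
            db.close()
    return tuple(outcomes)

# Constructed sample values: a plain name, a name containing a quote,
# and a value whose quote ends the string literal early.
SAMPLES = ["website redesign", "O'Brien audit", "a'), (null, 'b"]

if __name__ == "__main__":
    for sample in SAMPLES:
        interpolated, bound = compare(sample)
        print("input:       ", repr(sample))
        print("interpolated:", interpolated)
        print("placeholder: ", bound)
```

With interpolation, the second value breaks the statement and the third is stored as two rows. With the placeholder, each value is stored as one row exactly as given.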