On 1/19/2010 3:23 PM, Kynn Jones wrote:
> I have a Perl CGI script (using DBD::Pg) that interfaces with a
> server-side Pg database. I'm looking for general
> guidelines/tools/strategies that will help me guard against SQL
> injection attacks.
>
> Any pointers/suggestions would be much appreciated.
>
> ~K
>
prepare your queries:
my $q = $db->prepare('select something from table where key = $1');
$q->execute(42);
and..
$db->do('update table set field = $1 where key = $2', undef, 'key', 42);
(*guessed at the do(). I think there is an undef in there, or something*)
-Andy