On Dec 26, 2005, at 3:44 PM, Charles K. Clarkson wrote:
It is usually better to eliminate as many special characters in a search pattern as possible. Not doing so is a big security risk. The 'quotemeta' function and the \Q operator are meant for this purpose. Also check out the references to tainted data in perlsec and in perlfaq7. You're right, '*' is a handy way to match all the records in your case. Just be aware of the pitfalls involved in relying on special characters to do the work. There are many, many people out there who can wreak havoc on your server if you allow it. Beware. HTH,
Sorry about the slow reply. It certainly does help, thank you very much, Charles.
I wasn't too worried about it because the only thing the user can match against is a pre-defined list and I don't see how this creates a security risk. I haven't been able to get any unexpected or insecure results using meta characters (other than the one I mentioned), but I went ahead and made the changes referenced in the docs you pointed to anyway. I guess I can just write my own code to handle a wildcard search if it's really needed.
Kindest Regards,
-- Bill Stephenson
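The difference between interpolating a user's search term raw, escaping it with `\Q` (quotemeta), and a hand-written wildcard search of the kind mentioned in the reply, as an added example that is not code from either poster. The `@records` list and the `search_*` function names are hypothetical, and the sample data is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data standing in for the pre-defined list of records.
my @records = ('a.b Widgets', 'axb Widgets', 'Perl (5.8) Notes');

# Raw: the user's text is compiled as a regex, so metacharacters act as
# operators. The eval is needed because input such as '(' is not a valid
# pattern and would otherwise terminate the script.
sub search_raw {
    my ($term) = @_;
    my @hits = eval { grep { /$term/ } @records };
    return $@ ? 'pattern error' : \@hits;
}

# Literal: \Q...\E applies quotemeta, so the term only ever matches itself.
sub search_literal {
    my ($term) = @_;
    return [] unless length $term;   # an empty pattern has special meaning in Perl
    return [ grep { /\Q$term\E/ } @records ];
}

# Wildcard: '*' is the only character given a special meaning. Each piece
# between the stars is escaped with quotemeta before being joined with '.*'.
sub search_wildcard {
    my ($term) = @_;
    my $pattern = join '.*', map { quotemeta } split /\*/, $term, -1;
    return [ grep { /\A$pattern\z/ } @records ];
}

# 'a.b' : raw matches two records (the dot matches any character),
#         literal matches only the record containing a real dot.
# '('   : raw fails to compile, literal treats it as plain text.
# '*(5.8)*' : raw fails to compile, wildcard finds the one matching record.
for my $term ('a.b', '(', '*(5.8)*', '*') {
    my $raw = search_raw($term);
    printf "%-8s raw:      %s\n", $term, ref $raw ? join(', ', @$raw) : $raw;
    printf "%-8s literal:  %s\n", $term, join ', ', @{ search_literal($term) };
    printf "%-8s wildcard: %s\n", $term, join ', ', @{ search_wildcard($term) };
}
```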