Leif K-Brooks wrote:
> John Bokma wrote:
>> Not. Perl and Java use similar methods where one can specify place
>> holders, and pass on the data unescaped. But still injection is
>> possible.
>
> How?

my $sort = $cgi->param( "sort" );
my $query = "SELECT * FROM table WHERE id=? ORDER BY $sort";

-- 
John

MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
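
Added example, not part of the original post: the snippet above interpolates the sort column because a placeholder can carry a value but not an identifier. The sketch below, in Python with sqlite3, keeps the placeholder for the value and maps the request's sort parameter through an allowlist. The items table, its columns, the allowlist contents and all function names are assumptions made for illustration.

```python
import sqlite3

# Hypothetical allowlist: request value -> SQL text written by the developer.
SORT_COLUMNS = {"id": "id", "name": "name", "created": "created"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_query(sort, direction="asc"):
    """Return SQL whose ORDER BY clause contains only allowlisted text."""
    try:
        column = SORT_COLUMNS[sort]
        order = SORT_DIRECTIONS[direction.lower()]
    except (KeyError, TypeError, AttributeError):
        raise ValueError("unsupported sort parameter: %r" % (sort,))
    # Only dictionary values (never the request string) reach the SQL text.
    return "SELECT id, name FROM items WHERE id >= ? ORDER BY %s %s" % (column, order)


def fetch_sorted(conn, min_id, sort, direction="asc"):
    # The data value still goes through a placeholder.
    return conn.execute(build_query(sort, direction), (min_id,)).fetchall()


def fetch_with_bound_sort(conn, min_id, sort):
    # Binding the column name does not help: the parameter is a string
    # constant, every row compares equal, and the requested sort is ignored.
    sql = "SELECT id, name FROM items WHERE id >= ? ORDER BY ? DESC"
    return conn.execute(sql, (min_id, sort)).fetchall()


def demo_connection():
    # Constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, created TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", [
        (1, "pear", "2005-03-01"), (2, "apple", "2005-01-15"), (3, "fig", "2005-02-10")])
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(fetch_sorted(conn, 1, "name"))
    print(fetch_with_bound_sort(conn, 1, "name"))
    try:
        fetch_sorted(conn, 1, "name; --")  # constructed untrusted value
    except ValueError as exc:
        print("rejected:", exc)
```

Anything outside the allowlist raises ValueError before a query string is built, so the request text never becomes part of the SQL.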