Search Postgresql Archives

Re: plperl syntax question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thursday, March 12, 2020, Rob Sargent <robjsargent@xxxxxxxxx> wrote:

The example I saw for qq on the perl site 
print(qq(Welcome to GeeksForGeeks));
doesn’t have any quotes in arg to qq

Correct.  It also says:

qq() operator in Perl can be used in place of double quotes. It uses a set of parentheses to surround the string.

Try making the sql string without using qq
my $select = “select....’” + $user + “‘;”;
(or perhaps perl has a formatted string function like printf)

This is worse than using correctly.
 
The OP should (I think) be using a parameterized query instead of brute force string manipulation since this code is a prone to exploit.

David J.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux