[Catalyst] [OT] protecting against attacks with multilingual input

Daniel McBrearty danielmcbrearty at gmail.com
Tue Dec 5 13:28:37 GMT 2006


>
> If you're talking about sql injection then presumably you could do
> this exactly the same as you would any other input field - use sql
> placeholders in a prepared query rather than blindly pasting
> untrusted input as sql.
>

This is what I'm talking about. I don't know this technique - I
thought the only approach was to filter input. I'm using DBIx, AFAIK
it does use placeholders ... ? If so, I can just take input, do some
basic "sanity" filtering, and store?

XSS is not such a worry - I'm not dealing with financial transactions
or such. It's more people being able to compromise the server that I
am thinking of.


Phaylon : sure. A simple example would be, say, a multilingual web
forum. A text field would have a size limit, but other than that most
any utf8 character could be input.

-- 
Daniel McBrearty
email : danielmcbrearty at gmail.com
www.engoi.com : the multi - language vocab trainer
BTW : 0873928131

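The placeholder technique from the quoted reply, as an added example that is not part of this thread: DBI bind parameters (which DBIx::Class also uses underneath) carry arbitrary UTF-8 text, quotes included, without any input filtering, whereas pasting the same text into the SQL string breaks. It assumes DBD::SQLite and an in-memory database standing in for the forum's store.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use utf8;
use DBI;

binmode STDOUT, ':encoding(UTF-8)';

# Assumption: an in-memory SQLite database stands in for the forum's store.
# sqlite_unicode => 1 makes DBD::SQLite store and return text as UTF-8 strings.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, sqlite_unicode => 1 } );
$dbh->do('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');

# Constructed sample input for a multilingual forum: any UTF-8 text,
# including the single quote that a "sanity" filter is tempted to strip.
my @posts = ( 'Bonjour à tous', '日本語で書かれた投稿', 'Γειά σου κόσμε', "O'Brien's reply" );

# Unsafe: untrusted text pasted straight into the SQL string. The quote in
# "O'Brien's reply" ends the literal early and the statement no longer parses.
sub insert_pasted {
    my ( $dbh, $body ) = @_;
    return $dbh->do("INSERT INTO posts (body) VALUES ('$body')");
}

# Safe: a placeholder. The value travels as a bind parameter, so the database
# never parses it as SQL and no character needs to be filtered out.
sub insert_bound {
    my ( $dbh, $body ) = @_;
    my $sth = $dbh->prepare('INSERT INTO posts (body) VALUES (?)');
    return $sth->execute($body);
}

for my $body (@posts) {
    my $ok = eval { insert_pasted( $dbh, $body ); 1 };
    printf "pasted: %-4s %s\n", ( $ok ? 'ok' : 'FAIL' ), $body;
}
$dbh->do('DELETE FROM posts');    # discard the pasted rows before the safe run

insert_bound( $dbh, $_ ) for @posts;

# Every post, quote included, comes back intact from the placeholder inserts.
my $rows = $dbh->selectcol_arrayref('SELECT body FROM posts ORDER BY id');
print "stored: $_\n" for @$rows;
```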