[Catalyst] untainting utf8 text for db

Daniel McBrearty danielmcbrearty at gmail.com
Thu Jun 5 19:22:02 BST 2008


Yes, that's what I meant. But does using the DBIx::Class construct
sanitise, provide safety and prevent unwanted babies though?

IIRC it does for creating records.

On Thu, Jun 5, 2008 at 8:10 PM, Ash Berlin <ash_cpan at firemirror.com> wrote:
>
> On 5 Jun 2008, at 19:05, Daniel McBrearty wrote:
>
>> database contains text fields which can be in any language and contain
>> any text and punctuation
>>
>> 1. I am getting params back via a web form to create new records. What
>> do I do to validate input (apart from length check)?
>>
>> 2. I want to take a param and do a "like(%$param%)" search returning
>> matching records. How do I protect this?
>
> You mean "foo LIKE '%$param%' " and it's done by
>
> $rs->search({ col => { -like => "%$param%" } })
>
> -ash



-- 
Daniel McBrearty
email : danielmcbrearty at gmail.com
http://www.engoi.com
http://danmcb.vox.com
http://danmcb.blogger.com
find me on linkedin and facebook
BTW : 0873928131
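
An added example, not part of the original thread: DBIx::Class search conditions use SQL::Abstract syntax, so SQL::Abstract on its own shows what the `-like` construct from the quoted reply turns into. The value is sent as a bind parameter, while `%` and `_` inside it still act as wildcards unless escaped. The table `entries`, the column `body`, the helper `like_literal` and the `!` escape character are assumptions made for this sketch.

```perl
use strict;
use warnings;
use utf8;
use SQL::Abstract;

binmode STDOUT, ':encoding(UTF-8)';

# Hypothetical helper: escape LIKE metacharacters so user input matches
# literally. '!' as the escape character is a choice made for this example.
sub like_literal {
    my ($text) = @_;
    $text =~ s/([!%_])/!$1/g;
    return $text;
}

my $sqla = SQL::Abstract->new;

# Constructed sample inputs: a quote-bearing string, non-ASCII text,
# and a string that contains LIKE wildcards.
for my $param ("x' OR '1'='1", "café 日本語", "100%_off") {

    # Same where-clause shape as in the reply. The SQL text only ever
    # contains a '?' placeholder; the parameter travels in @bind.
    my ($sql, @bind) = $sqla->select(
        'entries', ['id'],                      # assumed table and column
        { body => { -like => "%$param%" } },
    );
    print "$sql\n  bind: @bind\n";

    # Literal-match variant: escape the wildcards in the input and tell
    # the database which escape character was used.
    my $pattern = '%' . like_literal($param) . '%';
    ($sql, @bind) = $sqla->select(
        'entries', ['id'],
        { body => \[ "LIKE ? ESCAPE '!'", $pattern ] },
    );
    print "$sql\n  bind: @bind\n";
}
```

The generated statement text is identical for all three inputs; only the bind values differ, which is what keeps the quote-bearing string from changing the query structure.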


