[Dbix-class] Correct (and secure) searching using -like?

Octavian Rasnita octavian.rasnita at ssifbroker.ro
Tue Oct 9 08:04:50 GMT 2012

From: will trillich =

  Octavian -- Inlining the values, as you say, would be fraught with peril =
-- DBI (and DBIx::Class) know better, so it's not a problem. It's not speci=
al to the -like operator, it's part of how DBIC works. =

  So if someone put nefarious strings in one of the ID values, it'd still b=
e quoted.


  Yep, thanks. I was wrong, because if DBIC escapes the special chars in th=
e values for -like hash keys, it shouldn't matter if those values are store=
d in a scalar var, or a quoted string that might contain scalar vars.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/dbix-class/attachments/20121009/b9d=

More information about the DBIx-Class mailing list