[Dbix-class] Correct (and secure) searching using -like?
    Octavian Rasnita
    octavian.rasnita at ssifbroker.ro
    Tue Oct  9 08:04:50 GMT 2012

From: will trillich
  Octavian -- Inlining the values, as you say, would be fraught with peril -- DBI (and DBIx::Class) know better, so it's not a problem. It's not special to the -like operator, it's part of how DBIC works.
  [cut]
  So if someone put nefarious strings in one of the ID values, it'd still be quoted.

  Yep, thanks. I was wrong, because if DBIC escapes the special chars in the values for -like hash keys, it shouldn't matter if those values are stored in a scalar var, or a quoted string that might contain scalar vars.
  Octavian
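The point made above (a search value that came from a scalar, even a hostile one, is passed to the database as a bind parameter rather than pasted into the SQL text) can be seen directly. The following is an added example, not code from the thread or from the DBIx::Class project; it uses SQL::Abstract, the module that builds the WHERE clause behind DBIC's search(), together with DBI and an in-memory SQLite database, so it runs offline. The table name, column names and the sample rows are constructed for the example. It also shows the one thing placeholders do not cover: a user-supplied '%' or '_' is still a LIKE wildcard, so a pattern built for LIKE needs those characters escaped if the caller must not be able to widen the match.

```perl
#!/usr/bin/env perl
# Added example (not from the original thread): demonstrates that a -like
# value built from a scalar is sent as a bind parameter, and that LIKE
# wildcards in user input are a separate concern from SQL injection.
# Assumes SQL::Abstract and DBD::SQLite are installed.
use strict;
use warnings;
use SQL::Abstract;
use DBI;

my $sqla = SQL::Abstract->new;

# Constructed hostile input: a quote plus a trailing comment marker. If this
# were inlined into the SQL text, "OR 1=1" would turn the query into "match everything".
my $term = "O'Brien' OR 1=1 --";

# Same hash structure DBIC's search() takes; SQL::Abstract emits a placeholder,
# and the whole interpolated string becomes one bind value.
my ($sql, @bind) = $sqla->select('customer', ['id', 'name'],
    { name => { -like => "%$term%" } });

print "SQL:  $sql\n";    # ... WHERE ( name LIKE ? ) -- no literal value in the SQL
print "Bind: @bind\n";   # %O'Brien' OR 1=1 --%

# Run it for real against an in-memory SQLite table (constructed sample data).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->do('INSERT INTO customer (name) VALUES (?)', undef, $_)
    for ("Alice", "O'Brien", "Bob");

# The bound value is matched literally: no name contains the whole string,
# so 0 rows come back instead of all 3 (which is what a successful injection
# would have produced).
my $rows = $dbh->selectall_arrayref($sql, undef, @bind);
printf "hostile term: %d row(s)\n", scalar @$rows;

# A benign substring search through the same code path finds the one row.
($sql, @bind) = $sqla->select('customer', ['id', 'name'],
    { name => { -like => "%Bri%" } });
$rows = $dbh->selectall_arrayref($sql, undef, @bind);
printf "benign term:  %d row(s)\n", scalar @$rows;

# Caveat: placeholders stop injection but do not neutralise LIKE wildcards.
# A caller who submits "%" matches every row through the same safe query.
($sql, @bind) = $sqla->select('customer', ['id', 'name'],
    { name => { -like => '%' } });
$rows = $dbh->selectall_arrayref($sql, undef, @bind);
printf "bare wildcard: %d row(s)\n", scalar @$rows;   # 3

# Hypothetical helper (not a DBIC API): escape backslash, '%' and '_' in the
# user's term, then tell the database which escape character was used.
sub like_pattern {
    my ($user_term) = @_;
    $user_term =~ s/([\\%_])/\\$1/g;
    return "%$user_term%";
}

# SQL::Abstract's literal-SQL-with-bind form lets the ESCAPE clause ride
# along with the placeholder; the pattern and the escape char are both bound.
($sql, @bind) = $sqla->select('customer', ['id', 'name'],
    { name => { -like => \[ '? ESCAPE ?', like_pattern('%'), '\\' ] } });
$rows = $dbh->selectall_arrayref($sql, undef, @bind);
printf "escaped wildcard: %d row(s)\n", scalar @$rows;  # 0: no name contains a literal '%'

$dbh->disconnect;
```

Run it with plain `perl` once the two modules are installed. The first query returns 0 rows rather than all 3, which is the observable difference between a bound value and an inlined one; the last two queries show why a search form that feeds user text into a -like pattern usually wants the like_pattern() treatment even though injection is already handled.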