[Dbix-class] Correct (and secure) searching using -like?
octavian.rasnita at ssifbroker.ro
Tue Oct 9 08:04:50 GMT 2012
From: will trillich =
Octavian -- Inlining the values, as you say, would be fraught with peril =
-- DBI (and DBIx::Class) know better, so it's not a problem. It's not speci=
al to the -like operator, it's part of how DBIC works. =
So if someone put nefarious strings in one of the ID values, it'd still b=
Yep, thanks. I was wrong, because if DBIC escapes the special chars in th=
e values for -like hash keys, it shouldn't matter if those values are store=
d in a scalar var, or a quoted string that might contain scalar vars.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the DBIx-Class