Python or PHP?
John Bokma
postmaster at castleamber.com
Sat Apr 23 18:55:50 EDT 2005
Leif K-Brooks wrote:
> John Bokma wrote:
>> Not. Perl and Java use similar methods where one can specify place
>> holders, and pass on the data unescaped. But still injection is
>> possible.
>
> How?
my $sort = $cgi->param( "sort" );
my $query = "SELECT * FROM table WHERE id=? ORDER BY $sort";
--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
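The snippet in the post above binds id with a placeholder but interpolates the sort parameter into ORDER BY, a position a placeholder cannot fill with a column name. As an added example (not part of the original post), the Python sqlite3 sketch below keeps the placeholder for the value and resolves the sort key through an allow-list; the items table, its columns, the sort keys and the function names are all assumptions constructed for the illustration.

```python
import sqlite3

# Request value -> ORDER BY fragment fixed in source. Keys and columns are
# constructed for this example; only these fragments ever reach the SQL text.
SORT_COLUMNS = {"name": "name", "price": "price", "newest": "created DESC"}

ROWS = [  # constructed sample data; id is deliberately not unique
    (1, "pear", 2.50, "2005-04-01"),
    (1, "apple", 3.00, "2005-04-03"),
    (1, "fig", 1.25, "2005-04-02"),
    (2, "kiwi", 0.75, "2005-04-04"),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, name TEXT, price REAL, created TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?, ?)", ROWS)
    return conn

def fetch_sorted(conn, item_id, sort):
    """Bind the value with a placeholder; pick the ORDER BY term from the allow-list."""
    if sort not in SORT_COLUMNS:
        raise ValueError("unsupported sort key: %r" % (sort,))
    sql = "SELECT name FROM items WHERE id = ? ORDER BY " + SORT_COLUMNS[sort]
    return [row[0] for row in conn.execute(sql, (item_id,))]

def fetch_sorted_bound(conn, item_id, sort):
    """Binding the sort key does not work: it is treated as a string constant,
    not resolved as a column, so every row ties and the key has no effect."""
    sql = "SELECT name FROM items WHERE id = ? ORDER BY ?"
    return [row[0] for row in conn.execute(sql, (item_id, sort))]

if __name__ == "__main__":
    db = make_db()
    print(fetch_sorted(db, 1, "name"))
    print(fetch_sorted(db, 1, "newest"))
    print(fetch_sorted_bound(db, 1, "name"), fetch_sorted_bound(db, 1, "price"))
```

The second function shows why the interpolation tends to creep in: a bound sort key is accepted but silently ignored, so the fix is the lookup table, not another placeholder.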