Leser: 20
2010-09-06T12:40:27 karhusoUm eingeschleusten schadhaften Code unschädlich zu machen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#--------------------------------------------------------------------------------------------------------#
# Herstellen der Datenbankverbindung
#--------------------------------------------------------------------------------------------------------#
our $db = DBTools->new();
$dbh = $db->connect_($cfg->val('connection', 'data_source'), $cfg->val('connection', 'user'), $cfg->val('connection', 'pass'));
#--------------------------------------------------------------------------------------------------------#
# SQL aufbauen
#--------------------------------------------------------------------------------------------------------#
$sql = qq~
SELECT html, html2
FROM pkv.a_test_fetch
~;
$sth = $dbh->prepare($sql) || &Error ("Datenbankfehler 1 prepare!\n",$dbh->errstr,"");
$sth->execute() || &Error ("Datenbankfehler 1 execute!\n",$dbh->errstr,"");
$sth->bind_columns(undef,
\$html, \$html2) || &Error ("Datenbankfehler 1 bind_col!\n",$dbh->errstr,"");
while(defined(&clean_html($sth->fetch()))){
print "\nHTML: $html\n";
print "\nHTML2: $html2\n";
}#ende while
$sth->finish() || &Error ("Datenbankfehler 1 finish!\n",$dbh->errstr,"");
#--------------------------------------------------------------------------------------------------------#
# Subfunktion clean_html
#--------------------------------------------------------------------------------------------------------#
sub clean_html($){
my $array_ref = shift;
if(ref($array_ref) eq 'ARRAY'){
my $counter = 0;
foreach (@{$array_ref}) {
@{$array_ref}[$counter] = CGI::escapeHTML($_);
$counter++;
}#ende foreach
return $array_ref;
}
else{
return undef;
}
}#ende sub
QuoteCode (perl): (dl )1 2 3 4 5 6my $counter = 0; foreach (@{$array_ref}) { @{$array_ref}[$counter] = CGI::escapeHTML($_); $counter++; }#ende foreach
1 2 3
for my $element ( @{ $array_ref } ) { $element = CGI::escapeHTML( $element ); }#ende for