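# Bind the value through a '?' placeholder: DBI hands $wert to the driver
# separately from the SQL text, so quotes inside the value cannot change
# the statement. The original concatenated the value into the SQL
# ('... text = ' . "'$wert'"), which is a syntax error as written and, once
# fixed, the classic SQL-injection pattern.
my $wert = "Hallo, wie geht's??";
my $sth = $dbh->prepare('Select from table where text = ?')
    or die $dbh->errstr;
$sth->execute($wert) or die $sth->errstr;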
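# Placeholder version: the SQL text is a fixed literal with one '?', and the
# value is passed to execute(), so it is bound by the driver rather than
# interpolated. The original was missing the closing quote of the SQL
# string, which made the snippet unparsable.
my $wert = "Hallo, wie geht's??";
my $sth = $dbh->prepare('Select from table where text = ?')
    or die $dbh->errstr;
$sth->execute($wert) or die $sth->errstr;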
Quote: Schmeisst der alles raus, was eine Injection-Gefahr bringt?
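# Demonstration only, error checking left out on purpose.
# One prepared INSERT with a single placeholder, executed once per value.
my $sth = $dbh->prepare("INSERT INTO table VALUES(?)");
for my $wert (qw(Hallo Welt dies ist ein Test)) {
    # execute() is a method of the statement handle, not of $dbh;
    # the original called $dbh->execute, which DBI does not provide.
    $sth->execute($wert);
}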
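# Quoted fragment from the old open_sql(): `local` only makes sense for a
# package global and fails under strict for an undeclared name, and
# @params was never declared. Lexicals do what was intended.
my $params = shift;
my @params = @{$params};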
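# v() appends each value to @p_sql_tmp and returns '?', so the SQL text
# built here contains only placeholders and the values travel separately
# to execute() inside open_sql(). The package globals @p_sql_tmp and $sth
# are shared with the subs below, which is why they are not lexicals.
our @p_sql_tmp = ();
# Concatenation evaluates left to right, so the bind values end up in
# the same order as the '?' they replace.
open_sql(
    'SELECT * FROM injection_test WHERE psw=' . v($psw) . ' AND Nummer >' . v($numm),
    \@p_sql_tmp,
    $DB_DSN,
);    # Start MSSQL
our $sth;
while ( my $result = $sth->fetchrow_hashref() ) {
    print $result->{'psw'} . " -> " . $result->{'Geheim'} . ' -> ' . $result->{'Nummer'} . "\n";
}
close_sql();    # END MSSQL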
#--------------------------- subs ----------------
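# Register one bind value and return the '?' placeholder that stands for
# it in the SQL text. Values accumulate in the package array @p_sql_tmp
# in call order, which must match the order of the placeholders.
# (The stray "&nbsp;" after the closing brace was HTML residue from the
# forum rendering, not Perl.)
sub v {
    our @p_sql_tmp;
    my ($value) = @_;
    push @p_sql_tmp, $value;
    return '?';
}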
#-- meine alte subs aber leicht angepasst --
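# Connect, prepare and execute one statement.
# Arguments: the SQL text (with '?' placeholders), a reference to the
# array of bind values, and the DSN. Sets the package globals $dbh and
# $sth: the caller fetches rows from $sth and close_sql() releases both.
sub open_sql {
    my ($sql, $params, $dsn) = @_;
    our ($dbh, $sth);
    # connect() returns undef on failure; without the check the old code
    # died one line later on an undefined handle with a less useful message
    $dbh = DBI->connect($dsn, 'user')
        or die "connect $dsn: $DBI::errstr";
    $sth = $dbh->prepare($sql) or die $dbh->errstr;
    my $rv = $sth->execute(@{$params}) or die $sth->errstr;
    return $rv;
}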
# Release the statement handle, then the connection; both are the package
# globals that open_sql() filled in.
sub close_sql {
    our ($sth, $dbh);
    $sth->finish();
    $dbh->disconnect();
}
# Connect, run the parameterised lookup via fire_sql() and print one line
# per matching row in the form "psw -> Geheim -> Nummer".
my $dbh = DBI->connect($db_dsn, 'user') or die $DBI::errstr;
my $sth = fire_sql($dbh, $psw, $numm);
while (my $row = $sth->fetchrow_hashref()) {
    my @cols = @{$row}{qw(psw Geheim Nummer)};
    print join(' -> ', @cols) . "\n";
}
# Prepare the fixed lookup statement and execute it with the given values
# bound to its two '?' placeholders. Returns the executed statement handle
# so the caller can fetch rows; dies with the driver's message on failure.
sub fire_sql {
    my $dbh  = shift;
    my @bind = @_;
    my $query  = 'SELECT * FROM injection_test WHERE psw=? AND Nummer > ?';
    my $handle = $dbh->prepare($query);
    die $dbh->errstr() unless $handle;
    $handle->execute(@bind)
        or die $dbh->errstr();
    return $handle;
}
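# Sketch of the idea: keep the placeholders in a hash and interpolate those,
# so the SQL text only ever contains '?' and the real values are passed to
# execute(). The original left the statement as a bare string in void
# context (it was never assigned) and used %v without declaring it.
my %v = (
    psw  => '?',
    numm => '?',
);
my $sql = "SELECT * FROM injection_test WHERE psw=$v{'psw'} AND Nummer > $v{'numm'}";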