Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Print friendly page
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
 
For 2023 - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
Use of qq{ to prevent Mysql injection

Posted by dave (dave), 16 January 2003
I use this code to double quote any query for a mysql database.

$a = $dbh->quote("String from a web form");

$dbh->prepare(SELECT * FROM tab WHERE a=$a);

It's possible to use something like this:

$dbh->prepare(qq{SELECT * FROM tab WHERE a=$a})

It seems not to work !

Thanks

Posted by admin (Graham Ellis), 16 January 2003
What do you get back?   Nothing at all?   Have you checked the errstr?    

I can see noting obviously wrong;  personally, I wouldn't use $a as that's a special variable used in sort, and I would use a different delimiter to { and } in my qq.  I don't see that either of those two changes will effect your specific problem though.

Did a quick sanity check .... following code worked for me.  You may be able to spot something different to what you've done??

Code:
#!/usr/bin/perl

use DBI;

$db_handle = DBI -> connect('DBI:mysql:test:dhansak:3306',
               'trainee','abc123', {RaiseError => 1})
               or die ("connection: $DBI::errstr\n");

$a = $db_handle->quote("ia");

$getkey = $db_handle -> prepare
      (qq{SELECT * FROM arrivals where near RLIKE $a});
$getkey -> execute;

while (@row = $getkey->fetchrow) {
       print "@row\n";
       }


Posted by dave (dave), 17 January 2003
Thanks Graham,

but what's happen if i don't use $dbh->quote() ?

Are there alternative ways to prevent mysql injection like addslashes() in php?
(eg. malicious use of singol quote from a web form to retrieve password from a database)

Regards

Posted by admin (Graham Ellis), 17 January 2003
Ah - I understand the question better now - you're looking to find a way in Perl to prevent special characters in the search string creating a problem, and you're looking to do so without having to use the quote function in the DBI module ...

Firstly, I would encourage you to use quote as you did in your first example - qq is just another way or writing a double quoted string and all it does is prevent you from having to put a \ in front of the " character if it needs to appear as a literal in the string.  You've made a comparison to "addslashes" in PHP - good -  PHP's addslashes and the DBI's quote fill the same role; the difference in that addslashes is part of the main PHP distribution, but quote is part of a module in Perl.   When you think about it this makes sense, as releases of Perl are much less frequent than releaeses of PHP, and also the philosophy of PHP is to include much more in the coire distribution.

Having recommended you use the quote function,  you could use \Q and \E within your double quoted string to force the addition of extra backslashes within an area of that string.  Bear in mind that this has been in Perl for a very long time, and will add more \-es than you really need:

Code:
[localhost:~/jan03] graham% cat dave


$string = qq!This is a "string of text" which shouldn't contain backslashes\n!;
$string2 = qq!This's a "\Q"string of text"\E" which should contain backslashes\n!;

print $string;
print $string2;
[localhost:~/jan03] graham% perl dave
This is a "string of text" which shouldn't contain backslashes
This's a "\"string\ of\ text\"" which should contain backslashes
[localhost:~/jan03] graham%


Posted by dave (dave), 20 January 2003
Thanks Graham,

I'll definitely use quote function

Regards
Dave


This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.
You can Add a comment or ranking to this page
Public Training Courses
Running regularly at our UK training Centre.
[Schedule] - [About] - [Book]
Other Forum Posts
Reading multiple lines after a pattern match
Time out setting
how to make permanent button
Cookies or ?
Field comparison
hostname substitution to form url in xml
Earth to Graham
Perl.exe Entry Point Not Found
Help on this perl requirement
Error while using use srict
Local and GMT Time Difference
Command to find LOC
find and replace
group the similar item
Ping code
Perl and mySQL select probmes
working with csv columns in Perl
parsing using 2d array
code for accessing columns
Counting the occurance of an element ian array
Stop Words
how to read log and display in csv file using perl
Adding comma(,) after every number+ perl
Regarding how to use time interval in ms.
Using perl how to open the browser page
Module or Library File
question about array
Flocking
working data sorting
dd command along with ftp in perl
redirest FTP output to a text file using perl
Renaming and Editing Multiple files
read file character by character
delete
FTP using perl
Using a character string count
how to extract the abbreviation from a given text
Odd linebreak
Yet another question about merging files
perl Script for connecting remote computer
counts ans summary the duplicates
question
merge two CSV file's data in one CSV File
copying the contents within the links
Server Side Includes
Read INI
finding position other than 1st using index
Replacing parts of lines
mirror.pl
problem in do until loop
how to join two sets of data?
Matches and mismatches in perl
help in perl
Perl and SSH2 problem
whats wrong??
Please Help on Perl Scripting.
how to get clusters
How to download files in Perl
How to get the mean?
How to take the data from array
Dealing with a large number of dictionaries.
Creating a random series of numbers with perl.
PERL Script to extract the data from word pad.

PERL PROGRAM
reading multiple lines
Need Your help
Pagination
any other way?
user input
first 2 words only!!!!!!!!!!!!
removing and counting duplicates in file
to make work faster??
populating hash from a file??
discard the first line
input from another program
help on data retrival
GD::Graph
script
fragment of data extraction
file writing
to find the matches
csv file to table file
to move in a line
Mysql in Perl
Perl and HMTL Code Fix
error in execution.
Help convert from c shell to perl
filehandlers in perl
Error with CGI on Tomcat
search for a word and store next 2 decimal numbers
Help on perl module
A question about user input
LWP::UserAgent Get a page after authenicating SSL
wats wrong in this expression
How to read a Word file and parse data
reguler exprssion
USE USERNAME FROM LOGIN FORM TO THE 3rd PAGE WEB ?
how to get jus the dna sequnce
creating relations between tables
how to parsse this
How Convert Cross Link ID using Perl
how to change?
send a variable from perl to html
Calling a perl script from another perl script
adding comas and newline into write out data
How to check this? :(
grep
ssh using exec()
whats the error?
re-arranging file info and written into another fi
hash
executing command
foreach..
Erasing an array..
Mechanism of foreach iteration..
Comin out of a directory..
Back references
Renaming files
modifying files..
any option other than substr
using reg exp with index()
display content in file to listbox
graphing with perl
Globbing
find modified file since a specific date
Setting up multiple directories
HTML Tokeparser problem
How to install a module in local linux machine
how to link html file from perl program
CHMOD query
Replace block of HTML
how to read and display from csv file using perl
Parent process unable to read messages from child
trying to create test file of existing cgi page --
CGIWrap encountered an error  
A case of a missing file that is somehow refrenced
Apostrophes
Variable call subroutine?
Modifying a perl file upload script to handle 10 f
Extracting difference in hours...
Curses
unable to calculate file size greater than 1 GB us
merging files with similar records
adjust volume?
DB Files
Module to grab html pages
Perl - Bit Manipulation
How to write a module?
Extract first 20 words
parsing of 8bit binary data bitwise  
Conversion of Hex bytes to binary and vice versa
Help in regular expression
BB Code
Brain Hurts .. Forcing PERL to write to a logfil
Parsing of Hex bytes in Perl
reading latest file
Column alignment
detecting bots shoppers
Summation of file size according to user
Perl - remove unwanted lines
parsing outlook public folders
passing a variable from PERL into an HTML form
Simple Exact string match
Perl to export tab delimted file to Quattro Pro
Loop query
single to multiple users
Importing a regular expression from a file
Upgrading ActiveState Perl
Perl help needed
Net::FTP and forks, Win32
Moved: Just try to solveit, if you can solve
FTP GET for a large file from mainframe.
Finding Modified dir's top level (Windows
Expiry Script
DBI module missing
Calling external programs
Connecting to MySQL over an unreliable network
Emailing from Perl on Windows platforms
Slicing a long number
Cheers etc.
Perl and .NET Cryptography
Linebreaking in html
help with getOpts
help with creating 2D array in perl requested
stuck making a small change to a script
cannot move file using file::copy module
simple reg exp
perl code for btree
detecting browser cookies
More details link to reveal a data column
Perl CGI scripts with SSI in Tomcat
How to clean up week old log files using perl
Perl and MYSQL
how to close a comport in perl?
HTML Data
SSI inside an SSI
Running Perl CGI scripts under Apache Tomcat
Very Very Urgent
Happy Christmas
Regular Expression Help
Windows Mailer
reading a text file and extracting info
Removing blank columns in csv file
Missing modules problem on host
vnukelog from within Perl
CGItemp files
Perl and Guestbook
Perl and excel file HELP PLZ
setting Sticky bit on perl script
Perl and XML
FTP from Perl?
Please find me a solution with this problem
amazing Perl "one liner"
email email
Detecting if file is Macintosh, Windows or Unix
RegEx in scalar
IO::Socket::INET same port
Tk button auto repeat
How to create a file with specific date and time
Send variable to another file
Using Grep to search through an array ?
replace text in a large text file
Is this possible?
sequence file into a numeric file
Cleaning out files for a specified user
How to use Perl references?
Use Perl to create symlinks
Issue with Grep
work on files in a directory
Eights and nines
please help us to beta-test new Perl Editor
Problem with localtime
problem installing perl modules

CHMOD a perl script created file
Finding the latest version number
Writting a script to break a file
Thanks
Attach text file to email
Unliked characters
sorting the spread sheet
Hash of FileNames and FileHandlers
Playing Wav/Mp3s when users visit my Perl site
How to split a file but not line by line
Executing External commands on Unix
Sorting a list of hashes
Win32::MIDI
convert xyz cordinates to distance
Like a real navigator ?
Is this a hash in an SQL insert statement?
Reduce the time taken for Huge Log files
Passing several lists to a sub
Moved: UK Perl Job
updating a file
Simple script to strip out MD5 checksums
perl script
how to tokenize in perl
FILE CONVERSION TO AN ARRAY OF ARRAYS
Delete specific file in directory.
Using CPAN
Filter Large Log Files.
HTML code in Perl
Help with this code please
Perl Regex One-Liner To Substitute Multiline Text
Question regarding %_ ?
perl coding standards
Guestbook.pl
segment a text using Perl (help TreeTagger)
get input onchange into link
Is there most correct way save http request as xml
perllocal.pod
shortest match between XML tags
Safety of actevex by ActiveState PerlCtrl
Read all but the first line from a file
change a perl prog
using one installation of perl from many machines
converting from c-shell
Single quoted command. OK in test, fails in CGI
How to Modify the Windows Registry
Dialling codes for Ireland - a quick Perl Script
perl basic
Eliminate single blank lines
SNMP and PERL
Address Book
MCpan error
of course
HTML link define variable for search script?
Fonctionnement Perl/Tkto
Send a sound...
how to compare word for word
Retired web pages
Moved: MIB
Perl / Database
User creation and password setting in Perl code
Processing email "bounce backs"
Extracting some fields from a data File
Need some help with CGI script to automate ssh
Gradual output from cgi script
public beta testing of EnginSite Perl Editor.
Ping from Perl?
Interpolating text from a file
merging two files
extracting from an ascii file
(bmp, ...) 2 jpg
Excel Download Perl CGI
How to generate an error message and exit
convert a MS Word doc into multiple HTML pages
Using Perl to compile Java
Capturing repeating values in reg exp!
mod_perl config problem with apache ?
References and variables in Perl - a summary
Monitoring a Perl program
Operating on every scalar in a list
patterns in patterns
empty file on upload
Help please with Perl + regular expressions
Editing multiple files
HTTP
Image attributes from external server?
Finding Internet Explorer version number
Identifying a web site visitor
Perl & a Database
Quoting
Authentication problems
subset a list
HTML entity encoding
GD - GD::Graph
Elusive bug, modified yabb post.pl
Reading the Registry (Microsoft Windows)
Microsoft windows - what version is running?
"AND" and "OR" in regular expressions
perl modules for c libraries
Sorting Data
Removing duplicate lines with a regular expression
Perl script to Auto config Browser
CDS regions: hashes vs. Set::IntSpan
Odd variable naming question
Moved: calling system() in cgi
detecting drives
Sensing when a user leaves a web site
Aaaaaaargh! I am losing my head!
Extracting for notification
Capturing STDERR with backtics
Text formatting
Question about converting time
cross referencing
RegEx problem - finding EOL
Array references
Language parsing
max array size
Calling one cgi script from within another
RegEx
Stricht
Looking for the Paragraph subroutine
Loops
Cannot install perl module on Linux RH 8
Server response
Looking for book examples
Installing Perl 5.8 from rpm
Use of qq{ to prevent Mysql injection
Standard Class
() [] {} or <> ?
Greedy v Global on regular expressions
Overwriting files
return part of a string that matches a pattern?
New line characters - beware!
Context
Deleting a file
Do something at least once!
Finding all matches to a Regular Expression
Variable formatting - beyond printf?
Another large text file example
Say what you mean in regular expressions
Reformatting question
Running another app with a changed environment
How pass a variable from a form to a subroutine
crypt function~disallow the '/' character
Finding big files in or below a directory
Text strings - single or double quotes?
Technical Overview - Perl 6
Regular Expression Efficiency
Fastest way to replace chars
Short Perl/Tk example
how to create a two-dimensional array?
change file contents to a character array
What is "tieing"?
System calls with perl2exe
Perl 6
reading rc files
CPAN Module without root
New Perl release
What does "-e" mean in an if?
Sample Regular Expressions
Emailing from a Perl program
Testing if a variable is numeric
Use of this forum - ask those "odd" questions
Follow us on ...

© WELL HOUSE CONSULTANTS LTD., 2023: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho