If you take a user input through a webpage and insert it into a SQL database, there is a chance that you have left yourself wide open for a security issue known as the SQL Injection. This chapter will teach you how to help prevent this from happening and help you secure your scripts and SQL statements in your server side scripts such as a PERL Script.

Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a SQL statement that you will unknowingly run on your database. Never trust user provided data; process this data only after validation. As a rule, this is done by Pattern Matching.

In the example below, the name is restricted to the alphanumerical characters plus underscore and to a length between 8 and 20 characters (modify these rules as needed).

To demonstrate the problem, consider this excerpt −

The function call is supposed to retrieve a record from the CUSTOMERS table where the name column matches the name specified by the user.
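The code excerpts the text refers to are not present on this page. The following is an added example, not the chapter's own code, that reproduces the two lookups it describes: one that splices the user-supplied name into the SQL text, and a hardened one that first applies the pattern-matching rule (alphanumerics plus underscore, 8 to 20 characters) and then binds the name as a query parameter. The in-memory SQLite database, the table contents and the sample inputs are constructed here for illustration; the CUSTOMERS table and name column are the ones the text mentions.

```python
import re
import sqlite3


def make_db():
    """Constructed sample database: a CUSTOMERS table with a name column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE CUSTOMERS (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO CUSTOMERS (name) VALUES (?)",
        [("alice_01",), ("bob_smith",)],
    )
    conn.commit()
    return conn


# Validation by pattern matching, as the text describes: \w covers letters,
# digits and underscore; re.ASCII keeps it to the ASCII set; {8,20} bounds the length.
NAME_RE = re.compile(r"^\w{8,20}$", re.ASCII)


def is_valid_name(name):
    """Return True only when the name satisfies the pattern-matching rule."""
    return NAME_RE.fullmatch(name) is not None


def lookup_vulnerable(conn, name):
    """Vulnerable lookup: the user's input becomes part of the SQL text.

    A quote character in the input ends the string literal early, so the
    remainder of the input is interpreted as SQL rather than as a name.
    """
    sql = "SELECT name FROM CUSTOMERS WHERE name='%s'" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, name):
    """Hardened lookup: validate first, then bind the value as a parameter.

    The database driver sends the name as data, never as SQL, so even an
    input that slipped past validation could not alter the statement.
    """
    if not is_valid_name(name):
        raise ValueError("username not accepted")
    rows = conn.execute("SELECT name FROM CUSTOMERS WHERE name=?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a legitimate name and a tautology that widens the WHERE clause.
    print(lookup_vulnerable(db, "alice_01"))          # one matching record
    print(lookup_vulnerable(db, "x' OR '1'='1"))      # every record leaks
    print(lookup_hardened(db, "alice_01"))            # one matching record
    try:
        lookup_hardened(db, "x' OR '1'='1")
    except ValueError as exc:
        print("rejected:", exc)                       # fails validation
```

The validation step mirrors the rule the text gives; the parameter binding is the defence that does not depend on the rule being perfect. Keeping both is what the chapter's advice amounts to: reject input that does not look like a name, and never let any input reach the database as SQL text.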