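Bind values INSERT INTO mysql perl

Newbie here. Trying to bind values to eliminate SQL injection. I have the code below, but I get this error... called with 1 bind variables when 47 are needed at my.cgi line 803, and the output looks like..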
$new_row='53616c7465645f5fd8b88f6a16704f8ebc0a2002dfg45633617bbb0446fa', 'test12', 'user', '2012-03-06', 'xcvb', 'xb', 'xcvbb', 'xcvbb', 'UT', 'US', '4566', '4564564566', '[email protected]', 'vbn', '', '200', 'Monthly', 'eBook', 'WebStore', '9.95', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', 'http://my.com', 'my.com', '', '', '', '', '', '', '', '', '2012-03-06', '30-Day-Trial'
$questionmarks=?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?
I tried it with and without the quotes and commas. Any ideas appreciated.
foreach my $field (@account_field_order) {
    $new_row .= "'" . param($field) . "', ";
    $questionmarks .= "?, ";
}#foreach
$new_row .= "'$status'";
$questionmarks .= "? ";
my $dsn = "DBI:mysql:$database";
my $dbh = DBI->connect($dsn, $MYSQLuserid, $MYSQLpassword)
    or die $DBI::errstr;
my $sth = $dbh->prepare(qq(INSERT INTO $table VALUES ($questionmarks)))
    or die $DBI::errstr;
$sth->execute(qq($new_row)) or die $DBI::errstr;
Thanks. That makes sense, but when I modified it, I get this error... called with 2 bind variables when needed at account.cgi line 752. – 2012-03-06 19:32:42
foreach my $field (@account_field_order) {
    $new_row .= "'" . param($field) . "', ";
    $questionmarks .= "?, ";
}#foreach
@new_row = $new_row;
push(@new_row, "'$status'");
$questionmarks .= "? ";
my $sth = $dbh->prepare(qq(INSERT INTO $table VALUES ($questionmarks))) or die $DBI::errstr;
$sth->execute(@new_row) or die $DBI::errstr;
– 2012-03-06 19:38:25
OK. Figured it out...
foreach my $field (@account_field_order) {
    push(@new_row, "'param($field)', ");
    $questionmarks .= "?, ";
} #foreach
push(@new_row, "'$status'");
$questionmarks .= "? ";
my $dsn = "DBI:mysql:$database";
my $dbh = DBI->connect($dsn, $MYSQLuserid, $MYSQLpassword)
    or die $DBI::errstr;
my $sth = $dbh->prepare(qq(INSERT INTO $table VALUES ($questionmarks))) or die $DBI::errstr;
$sth->execute(@new_row) or die $DBI::errstr;
– 2012-03-06 22:25:10
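An added example, not part of the original post or its comments, of the bind pattern this thread works toward: one raw, unquoted value per placeholder, passed to execute() as a list. It goes slightly beyond the thread by naming the columns and quoting identifiers. The in-memory DBD::SQLite handle, the `accounts` table, its columns and the `%form` hash are assumptions standing in for the page's MySQL handle, `$table` and `param($field)`.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database replaces the MySQL connection so
# the example runs offline; prepare/execute behave the same way through DBI.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE accounts (username TEXT, state TEXT, status TEXT)');

# Constructed sample input standing in for param($field) and $status.
my @account_field_order = qw(username state);
my %form   = (username => "O'Brien", state => 'UT');
my $status = '30-Day-Trial';

# One raw value per placeholder: no surrounding quotes, no commas, no joining.
# With CGI.pm, scalar(param($field)) guarantees exactly one value per field.
my @values  = (@form{@account_field_order}, $status);
my @columns = (@account_field_order, 'status');

# Identifiers cannot be bound, so they are quoted; the placeholder list is
# generated from the value count so the two can never drift apart.
my $sql = sprintf 'INSERT INTO %s (%s) VALUES (%s)',
    $dbh->quote_identifier('accounts'),
    join(', ', map { $dbh->quote_identifier($_) } @columns),
    join(', ', ('?') x @values);
my $sth = $dbh->prepare($sql);

# The call from the question: a single pre-joined string for three
# placeholders. DBI rejects it with the bind-count error quoted above.
my $joined = join ', ', map { "'$_'" } @values;
eval { $sth->execute($joined); 1 }
    or print "rejected: $@";

# Corrected call: pass the list itself.
$sth->execute(@values);

# The embedded quote is stored as data and never parsed as SQL.
my ($stored) = $dbh->selectrow_array('SELECT username FROM accounts');
print "stored literally: $stored\n";
die "unexpected stored value" unless $stored eq $form{username};
```

Wrapping a bound value in quotes, as in "'$status'", stores the quote characters as part of the data, because the driver already treats each bound value as a literal.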