Posted: Wed Aug 24, 2005 2:29 am Post subject: how to select data in database with value of remote_addr
I'm learning Perl, and I have a question. I hope you can support me.
I get the IP address of my computer. It has a value.
But I can't run a select query on the database with this value. It gives an error.
There is something which I want to say
Joined: 03 May 2006 Posts: 2292 Location: Colorado
Posted: Wed Aug 24, 2005 4:01 am Post subject:
First line should be
use strict;
not
my use strict;
Since I have no idea what SendSQL does it is hard to say what your problem is. Generally it is a bad idea to embed a variable in a query. Instead you should use placeholders. If you were using DBI then it would look like
Code:
my $sql = $dbh->prepare("SELECT * FROM language WHERE ipaddr = ?");
$sql->execute($ipaddr);
The error you are getting suggests that Taint mode is on. This means that any variable obtained from outside needs to be untainted before it can be used. I am no expert at untainting so it would probably be best if you talk to whoever wrote your CGI.pl.... I'm assuming that is where SendSQL originates from.
_________________
Eric256
Proud previous owner and current admin of Bot-depot.com
Thanks eric256, but... I still can't do it your way. Here it is:
Code:
my $ipaddr = $ENV{'REMOTE_ADDR'};
# print $ipaddr -> output successful (example: "192.168.5.100")
my $sql = $dbh->prepare("SELECT * FROM language WHERE ipaddr = ?");
$sql->execute($ipaddr);
But it has an error:
Insecure dependency in parameter 1 of DBI::st=HASH(0x887df28)->execute method call while running with -T switch at /var/www/html/test/index.cgi line 67.
If I do it this way, it's OK:
Code:
my $ipaddr = '192.168.5.100';
my $sql = $dbh->prepare("SELECT * FROM language WHERE ipaddr = ?");
$sql->execute($ipaddr);
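
The untainting step the thread refers to, as an added example that is not code from either poster: the value from `$ENV{'REMOTE_ADDR'}` is validated against a strict pattern and only the regex capture, which Perl treats as untainted, is passed to `execute`. The helper names `untaint_ipv4` and `lookup_language` are hypothetical, the sample values are constructed, an IPv4 address is assumed, and the script should be run as `perl -T` so that taint mode is active.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Return an untainted copy of a dotted-quad IPv4 address, or undef.
# Only a regex capture clears the taint flag, so the pattern is kept strict:
# the \A...\z anchors reject trailing newlines and any extra characters.
sub untaint_ipv4 {
    my ($raw) = @_;
    my $octet = qr/(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])/;
    return unless defined $raw && $raw =~ /\A($octet(?:\.$octet){3})\z/;
    return $1;
}

# The thread's query, run with the validated value. $dbh is a connected DBI
# handle supplied by the caller; it is not created in this example.
sub lookup_language {
    my ($dbh, $env_addr) = @_;
    my $ip = untaint_ipv4($env_addr)
        or die "REMOTE_ADDR is not a valid IPv4 address\n";
    my $sth = $dbh->prepare("SELECT * FROM language WHERE ipaddr = ?");
    $sth->execute($ip);    # $ip is untainted, so the taint check passes
    return $sth->fetchall_arrayref({});
}

# Constructed sample values. Appending a zero-length tainted string marks
# each literal as tainted under -T, as a real $ENV{REMOTE_ADDR} would be.
my $taint = substr("$0$^X", 0, 0);
for my $sample ('192.168.5.100', "192.168.5.100\n", '999.1.1.1', '10.0.0.1 x') {
    my $remote = $sample . $taint;
    my $ip     = untaint_ipv4($remote);
    (my $shown = $sample) =~ s/\n/\\n/g;
    printf "%-16s input tainted: %-3s result: %s\n", $shown,
        tainted($remote) ? 'yes' : 'no',
        defined $ip ? "$ip (tainted: " . (tainted($ip) ? 'yes' : 'no') . ')'
                    : 'rejected';
}
```

A catch-all capture such as `/(.*)/` would also clear the taint flag but validates nothing, which is why the pattern only accepts four octets in the range 0 to 255.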