RE: Understanding why this "fixes" my perlaccess script

[Jason Wilkes <se...@yahoo.co.uk>]

Eric,

Yes that worked, and thanks. I guess I misconstrued
what I was returning.
Thanks also to Perrin Harkins, and Levon Barker.
Also apologies to Levon (it was a code improvement not
a fix :-). 

jason


 --- ebrine@wardrop.com wrote: > 
> [ Sorry, can't send to the list from here. ]
> 
> 
> > sub handler {
> >   ...
> >   return (FORBIDDEN) unless $answer;
> >   close (DBG);
> > }
> 
> You forgot to return something "if $answer"!
> Don't you want something like:
>   sub handler {
>     ...
>     close(DBG);
>     return FORBIDDEN unless $answer;
>     return OK;
>   }
> I'm guessing $answer is being returned because of
> the lack of something else
> being returned.
> 
> As for Levon Barker's suggestion, what he didn't say
> is that his suggestion
> is not to fix your problem, but to improve your
> code. Right now, you're
> using a value from the user ($SessionID) and
> building a SQL query from it
> without escaping it!!! bind() will avoid this
> problem, as would escaping
> $SessionID before embedding it into your SQL
> statement.
> 
> good luck!
> 
> --
> Eric L. Brine                    Phone: (905)
> 673-3788 Ext. 330
> Wardrop Engineering Inc.         Fax:   (905)
> 673-8007
> 6725 Airport Rd., Suite 600,     email:
> ebrine@wardrop.com
> Mississauga, Ontario, L4V 1V2    www:  
http://www.wardrop.com 

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com