You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Jason Wilkes <se...@yahoo.co.uk> on 2002/07/05 12:20:20 UTC
RE: Understanding why this "fixes" my perlaccess script
Eric,
Yes that worked, and thanks. I guess I misconstrued
what I was returning.
Thanks also to Perrin Harkins, and Levon Barker.
Also apologies to Levon (it was a code improvement not
a fix :-).
jason
--- ebrine@wardrop.com wrote: >
> [ Sorry, can't send to the list from here. ]
>
>
> > sub handler {
> > ...
> > return (FORBIDDEN) unless $answer;
> > close (DBG);
> > }
>
> You forgot to return something "if $answer"!
> Don't you want something like:
> sub handler {
> ...
> close(DBG);
> return FORBIDDEN unless $answer;
> return OK;
> }
> I'm guessing $answer is being returned because of
> the lack of something else
> being returned.
>
> As for Levon Barker's suggestion, what he didn't say
> is that his suggestion
> is not to fix your problem, but to improve your
> code. Right now, you're
> using a value from the user ($SessionID) and
> building a SQL query from it
> without escaping it!!! bind() will avoid this
> problem, as would escaping
> $SessionID before embedding it into your SQL
> statement.
>
> good luck!
>
> --
> Eric L. Brine Phone: (905)
> 673-3788 Ext. 330
> Wardrop Engineering Inc. Fax: (905)
> 673-8007
> 6725 Airport Rd., Suite 600, email:
> ebrine@wardrop.com
> Mississauga, Ontario, L4V 1V2 www:
http://www.wardrop.com
__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com