Python or PHP?

John Bokma postmaster at castleamber.com
Sat Apr 23 18:55:50 EDT 2005


Leif K-Brooks wrote:

> John Bokma wrote:
>> Not. Perl and Java use similar methods where one can specify place
>> holders, and pass on the data unescaped. But still injection is
>> possible. 
> 
> How?

my $sort = $cgi->param( "sort" );
my $query = "SELECT * FROM table WHERE id=? ORDER BY $sort";



-- 
John                               MexIT: http://johnbokma.com/mexit/
                           personal page:       http://johnbokma.com/
        Experienced programmer available:     http://castleamber.com/
            Happy Customers: http://castleamber.com/testimonials.html
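
The snippet in the message above binds `id` through a placeholder but interpolates the sort column, because placeholders carry values, not identifiers. The following added example (not part of the original message, written in Python with `sqlite3`, with a hypothetical `items` table and constructed rows) shows the usual fix: map the request value onto an allowlist of column names and build the `ORDER BY` text only from those constants.

```python
import sqlite3

# Public sort keys mapped to SQL identifiers (hypothetical schema for this example).
# Only these constant strings can ever appear after ORDER BY.
SORT_COLUMNS = {"id": "id", "name": "name", "created": "created_at"}


def build_order_by(sort_spec, default="id"):
    """Translate a request value such as 'name,-created' into
    'name ASC, created_at DESC', rejecting anything off the allowlist."""
    terms, seen = [], set()
    for raw in (sort_spec or default).split(","):
        key, direction = raw.strip(), "ASC"
        if key.startswith("-"):
            key, direction = key[1:], "DESC"
        # Unknown keys and repeats are refused rather than escaped or cleaned up.
        if key not in SORT_COLUMNS or key in seen:
            raise ValueError("unsupported sort key: %r" % (raw,))
        seen.add(key)
        terms.append("%s %s" % (SORT_COLUMNS[key], direction))
    return ", ".join(terms)


def list_items(db, owner, sort_spec=None):
    # The value still travels through a placeholder; the ORDER BY clause is
    # assembled from allowlisted constants, never from the request string.
    sql = "SELECT name FROM items WHERE owner=? ORDER BY " + build_order_by(sort_spec)
    return [row[0] for row in db.execute(sql, (owner,))]


def make_db():
    # Constructed sample rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER, owner INTEGER, name TEXT, created_at TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?, ?)", [
        (1, 7, "pear", "2005-04-03"), (2, 7, "apple", "2005-04-01"),
        (3, 7, "fig", "2005-04-02"), (4, 8, "kiwi", "2005-04-04"),
    ])
    return db


if __name__ == "__main__":
    db = make_db()
    print(list_items(db, 7, "name"))
    print(list_items(db, 7, "-created"))
```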


