On Thursday, March 12, 2020, Rob Sargent <
robjsargent@gmail.com> wrote:
The example I saw for qq on the perl site
print(qq(Welcome to GeeksForGeeks));
doesn’t have any quotes in arg to qq
Correct. It also says:
qq() operator in Perl can be used in place of double quotes. It uses a set of parentheses to surround the string.
Try making the sql string without using qq
my $select = “select....’” + $user + “‘;”;
(or perhaps perl has a formatted string function like printf)
This is worse than using correctly.
The OP should (I think) be using a parameterized query instead of brute force string manipulation since this code is a prone to exploit.
David J.
