Skip to content
PerlCritic policy that attempts to detect the most common sources of SQL injection in manually crafted SQL statements, by detecting the use of variables inside interpolated strings that look like SQL statements.
Perl
Find file

README.md

Perl-Critic-Policy-ValuesAndExpressions-PreventSQLInjection

Build Status Coverage Status CPAN

When building SQL statements manually instead of using an ORM, any input must be quoted or passed using placeholders to prevent the introduction of SQL injection vectors. This policy attempts to detect the most common sources of SQL injection in manually crafted SQL statements, by detecting the use of variables inside interpolated strings that look like SQL statements.

INSTALLATION

To install this module, run the following commands:

perl Build.PL
./Build
./Build test
./Build install

SUPPORT AND DOCUMENTATION

After installing, you can find documentation for this module with the perldoc command.

perldoc Perl::Critic::Policy::ValuesAndExpressions::PreventSQLInjection

You can also look for information at:

LICENSE AND COPYRIGHT

Copyright (C) 2013-2016 Guillaume Aubert

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License version 3 as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/

Something went wrong with that request. Please try again.