Software Error

Mark Ingram mark.ingram at nexsan.com
Thu Jul 24 08:09:28 UTC 2003


Ahh, that's a great link, thanks a lot.

I used SqlQuote in the end to pass my email address through, it worked after
that!

Best Regards,

Mark Ingram
Software Engineer
Nexsan Technologies
33 - 35 Parker Centre
Mansfield Road
Derby
DE21 4SZ

-----Original Message-----
From: developers-owner at bugzilla.org
[mailto:developers-owner at bugzilla.org]On Behalf Of vladd
Sent: 23 July 2003 20:09
To: developers at bugzilla.org
Subject: Re: Software Error


Jason's advice about a man page looks good.

The problem is that the var which you introduced, client_cc, is tainted. For
more details a good resource seems to be:

http://gunther.web66.com/FAQS/taintmode.html

Thanks,
Vlad D.

> Hi,
>
> I'm getting the following error:
>
> Insecure dependency in parameter 1 of DBI::db=HASH(0x8655488)->prepare
> method call while running with -T switch at Bugzilla/DB.pm line 64.
>
> when trying to execute the following code in post_bug.cgi:
>
> for (my $i = 0; $i <= $#client_cc; $i++) {
>     SendSQL("INSERT INTO client_cc (bug_id, who) VALUES ($id, $client_cc[$i])");
> }
>
> @client_cc contains a list of email addresses, the table client_cc is
> identical to the table cc except that the who field is a varchar, not a
> medium int.
>
> I've checked the value of $client_cc[$i] just above the SendSQL and it is my
> email address, so I don't see what is going wrong?
>
> What am I doing wrong?
>
>
>
> Best Regards,
>
> Mark Ingram
> Software Engineer
> Nexsan Technologies
> 33 - 35 Parker Centre
> Mansfield Road
> Derby
> DE21 4SZ
>

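The taint propagation vladd describes and the quoting fix Mark settled on, shown as an added example that is not part of the original thread and not Bugzilla's own code. `quote_checked` is a hypothetical helper, the addresses are constructed sample input, and the backslash escaping assumes a MySQL-style string literal.

```perl
# Run with: perl -T taint_demo.pl  (added example, not Bugzilla code)
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with: perl -T $0\n" unless ${^TAINT};

# Constructed sample input. Appending a zero-length slice of $^X (which is
# tainted under -T) taints each value, as a CGI form parameter would be.
my $id        = 42;
my @client_cc = map { $_ . substr($^X, 0, 0) }
                ('user@example.com', q{o'brien@example.com}, 'not-an-address');

# Hypothetical helper: accept only an address-shaped value, take it from a
# regex capture (the operation that clears the taint flag), then escape it
# as a MySQL-style string literal (assumption) and wrap it in quotes.
sub quote_checked {
    my ($value) = @_;
    my ($clean) = $value =~ /\A([\w.+'-]+\@[\w.-]+)\z/
        or return;                      # reject anything else
    $clean =~ s/([\\'])/\\$1/g;
    return "'$clean'";
}

for my $who (@client_cc) {
    # The pattern from the question: interpolating a tainted value taints the
    # whole statement, which is what a taint-checking prepare() refuses.
    my $raw = "INSERT INTO client_cc (bug_id, who) VALUES ($id, $who)";
    printf "raw:    tainted=%s  %s\n", (tainted($raw) ? 'yes' : 'no'), $raw;

    my $quoted = quote_checked($who);
    if (!defined $quoted) {
        print "fixed:  rejected, not an address\n\n";
        next;
    }
    my $sql = "INSERT INTO client_cc (bug_id, who) VALUES ($id, $quoted)";
    printf "fixed:  tainted=%s  %s\n\n", (tainted($sql) ? 'yes' : 'no'), $sql;
}
```

The raw statement is also missing quotes around the varchar value, so validating and quoting the address addresses both the taint error and the malformed SQL.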