Diffstat (limited to 'lib/VNWeb/DB.pm')
-rw-r--r-- | lib/VNWeb/DB.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/VNWeb/DB.pm b/lib/VNWeb/DB.pm
index 1583e731..e4905bf0 100644
--- a/lib/VNWeb/DB.pm
+++ b/lib/VNWeb/DB.pm
@@ -25,7 +25,7 @@ our @EXPORT = qw/
 # (and who'd put effort into escaping strings when placeholders are easier?).
 sub interp_warn {
 my @r = sql_interp @_;
- carp "Possible SQL injection in '$r[0]'" if tuwf->debug && $r[0] =~ /[2-9]/; # 0 and 1 aren't interesting, "SELECT 1" is a common pattern and so is "x > 0"
+ carp "Possible SQL injection in '$r[0]'" if tuwf->debug && $r[0] =~ /[2-9](?<!r18)/; # 0 and 1 aren't interesting, "SELECT 1" is a common pattern and so is "x > 0"
 return @r;
 } |
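Review bot: The new lookbehind in `interp_warn` is not anchored on word boundaries, so it suppresses the warning for any `8` that follows `r1`, not only for the standalone `r18` the change is presumably aimed at. Generated SQL containing `var18` or `r180`, or an interpolated value ending in `r18`, no longer trips the check. This carp is the debug-time signal that a value was interpolated into the SQL text instead of being passed as a placeholder, so the exemption should stay as narrow as possible, e.g. `$r[0] =~ /[2-9](?<!\br18\b)/`. The trailing comment still explains only 0 and 1; it should also say why `r18` is exempt, along the lines of `# "r18" is a known identifier in our queries, not an interpolated number` (the reason is inferred here, so confirm the wording). The comment block above `interp_warn` starts outside the hunk.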