untrusted input is merged into the SQL statement.</p>
<p>It can be made safe by <em>untainting</em> all inputs:
a process inspired by Perl's taint checking. Each input
- is matched against a regexp, and only the match is used.
- To use this, the untainting regexps must be included in the
+ is matched against a regexp, and only the match is used,
+ according to the Perl idiom:</p>
+ <example>
+ <pre><code> $untrusted =~ /([a-z])+/;
+ $trusted = $1;</code></pre>
+ </example>
+ <p>To use this, the untainting regexps must be included in the
prepared statements configured. The regexp follows immediately
after the % in the prepared statement, and is enclosed in
curly brackets {}. For example, if your application expects
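Review bot: the Perl idiom shown in the added `<example>` is wrong as written: in `$untrusted =~ /([a-z])+/;` the `+` applies outside the capture group, so `$1` holds only the last matched character rather than the whole run; the quantifier belongs inside the group, `/([a-z]+)/`. The assignment `$trusted = $1;` is also unguarded: when the match fails, `$1` still carries the value from the previous successful match, so the untainting step would silently reuse stale data. Suggest the form Perl's own taint-checking documentation uses, anchored and inside a conditional, e.g. `if ($untrusted =~ /^([a-z]+)$/) { $trusted = $1; }`, which also makes the "only the match is used" point in the preceding sentence visible in the example.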