/ 
DBI-1.607
River stage four • 1072 direct dependents • 2644 total dependents
/ DBD::Sponge
Security Advisories (8)
CVE-2020-14393 (2020-09-16)

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

CVE-2020-14392 (2020-06-17)

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

CVE-2019-20919 (2020-09-17)

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

CPANSA-DBI-2014-01 (2014-10-15)

DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.

CVE-2014-10402 (2020-09-16)

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

CVE-2014-10401 (2020-09-11)

An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.

CVE-2013-7491 (2020-09-11)

An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.

CVE-2013-7490 (2020-09-11)

An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.

NAME

DBD::Sponge - Create a DBI statement handle from Perl data

SYNOPSIS

my $sponge = DBI->connect("dbi:Sponge:","","",{ RaiseError => 1 });
my $sth = $sponge->prepare($statement, {
        rows => $data,
        NAME => $names,
        %attr
    }
);

DESCRIPTION

DBD::Sponge is useful for making a Perl data structure accessible through a standard DBI statement handle. This may be useful to DBD module authors who need to transform data in this way.

METHODS

connect()

my $sponge = DBI->connect("dbi:Sponge:","","",{ RaiseError => 1 });

Here's a sample syntax for creating a database handle for the Sponge driver. No username and password are needed.

prepare()

my $sth = $sponge->prepare($statement, {
        rows => $data,
        NAME => $names,
        %attr
    }
);

  • The $statement here is an arbitrary statement or name you want to provide as identity of your data. If you're using DBI::Profile it will appear in the profile data.

    Generally it's expected that you are preparing a statement handle as if a select statement happened.

  • $data is a reference to the data you are providing, given as an array of arrays.

  • $names is a reference an array of column names for the $data you are providing. The number and order should match the number and ordering of the $data columns.

  • %attr is a hash of other standard DBI attributes that you might pass to a prepare statement.

    Currently only NAME, TYPE, and PRECISION are supported.

BUGS

Using this module to prepare INSERT-like statements is not currently documented.

AUTHOR AND COPYRIGHT

This module is Copyright (c) 2003 Tim Bunce

Documentation initially written by Mark Stosberg

The DBD::Sponge module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. In particular permission is granted to Tim Bunce for distributing this as a part of the DBI.

SEE ALSO

DBI