iRev Input Validation Libraries

Monte Goulding monte at sweattechnologies.com
Sat Sep 18 03:57:54 EDT 2010


> I'm thinking this should suffice where the "positive match" is A-z plus 0-9, comma, period and explanation mark... if allowed should suffice, but then I may need to deal with SQL injection  (PostGreSQL) also.  if there is no ";" then nothing can happen. But I know it is more complicated that that.


According to the revIgniter docs when using the placeholder SQL syntax the db external escapes the variable/array element for you and therefore protects you from SQL injection. I can't find that in the rev docs but I imagine Ralf has investigated.

Cheers

--
Monte Goulding
M E R Goulding Software Development
Bespoke application development for vertical markets

InstallGadget - How to create an installer in 10 seconds
revObjective  - Making behavior scripts behave




More information about the use-livecode mailing list