Database Input Validation

Peter Haworth pete at lcsql.com
Mon Jul 6 22:49:22 CEST 2015


Hi Pascal,
I assume you're referring to SQL injection attacks.

You can avoid them by using the varslist/arrayname parameter of
revDataFromQuery/revQueryDatabase/revExecute SQL.  See the dictionary for
more details but it involves using placeholders in your SQL statements and
loading the values for those placeholders into separate variables or a
numerically keyed array.

On Mon, Jul 6, 2015 at 1:20 AM Pascal Lehner <tate83 at gmail.com> wrote:

> Hi all,
>
> I am working on a desktop app that is running a SQLite database and might
> well end up as a HTML5 server version with MySQL in the not-so-far future.
> For this I want to have some sort of input validation to avoid security and
> XSS incidents.
>
> Does anyone have a library or function to "sanitize" any sql statement
> before running it against the database? Or how do you do this?
>
> Thanks,
>
> Pascal
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>


More information about the use-livecode mailing list