Database Input Validation
pete at lcsql.com
Mon Jul 6 22:49:22 CEST 2015
I assume you're referring to SQL injection attacks.
You can avoid them by using the varsList/arrayName parameter of
revDataFromQuery/revQueryDatabase/revExecuteSQL. See the dictionary for
more details, but it involves using placeholders in your SQL statements and
loading the values for those placeholders into separate variables or a
numerically keyed array.
On Mon, Jul 6, 2015 at 1:20 AM Pascal Lehner <tate83 at gmail.com> wrote:
> Hi all,
> I am working on a desktop app that is running a SQLite database and might
> well end up as an HTML5 server version with MySQL in the not-so-far future.
> For this I want to have some sort of input validation to avoid security and
> XSS incidents.
> Does anyone have a library or function to "sanitize" any sql statement
> before running it against the database? Or how do you do this?