Database Input Validation

Peter Haworth pete at
Mon Jul 6 16:49:22 EDT 2015

Hi Pascal,
I assume you're referring to SQL injection attacks.

You can avoid them by using the varslist/arrayname parameter of
revDataFromQuery/revQueryDatabase/revExecuteSQL. See the dictionary for
more details but it involves using placeholders in your SQL statements and
loading the values for those placeholders into separate variables or a
numerically keyed array.

On Mon, Jul 6, 2015 at 1:20 AM Pascal Lehner <tate83 at> wrote:

> Hi all,
> I am working on a desktop app that is running a SQLite database and might
> well end up as an HTML5 server version with MySQL in the not-so-far future.
> For this I want to have some sort of input validation to avoid security and
> XSS incidents.
> Does anyone have a library or function to "sanitize" any SQL statement
> before running it against the database? Or how do you do this?
> Thanks,
> Pascal
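
The placeholder approach described in the reply above, as an added example that is not part of the original thread: the same value is bound once through a variables list and once through a numerically keyed array. The `customers` table, the handler names and the database file name are assumptions made for illustration.

```livecode
-- Added example: the customers table, handler names and file name are hypothetical.

-- Variables-list form: :1 is filled from the variable whose NAME is passed ("pName").
function findCustomers pConn, pName
   local tSQL, tData
   put "SELECT name, email FROM customers WHERE name = :1" into tSQL
   put revDataFromQuery(tab, return, pConn, tSQL, "pName") into tData
   if tData begins with "revdberr" then return empty
   return tData
end findCustomers

-- Array form: keys 1..n map to placeholders :1..:n.
command addCustomer pConn, pName, pEmail
   local tSQL, tValues
   put pName into tValues[1]
   put pEmail into tValues[2]
   put "INSERT INTO customers (name, email) VALUES (:1, :2)" into tSQL
   revExecuteSQL pConn, tSQL, "tValues"
   -- On success the result is the number of rows affected, otherwise an error string.
   if the result is not an integer then return "error:" && the result
   return empty
end addCustomer

on demoPlaceholders
   local tPath, tConn, tName, tRows
   put specialFolderPath("temporary") & "/placeholder-demo.sqlite" into tPath
   put revOpenDatabase("sqlite", tPath) into tConn
   if tConn is not an integer then
      answer "Open failed:" && tConn
      exit demoPlaceholders
   end if
   revExecuteSQL tConn, "CREATE TABLE IF NOT EXISTS customers (name TEXT, email TEXT)"

   -- Constructed input containing quote characters. Built by concatenation
   --   "... WHERE name = '" & tName & "'"
   -- it would change the WHERE clause; bound to :1 it is compared as plain data.
   put "x' OR '1'='1" into tName
   addCustomer tConn, tName, "test@example.invalid"
   if the result is not empty then answer the result

   -- Matches only rows whose name equals the whole string in tName.
   put findCustomers(tConn, tName) into tRows
   answer tRows
   revCloseDatabase tConn
end demoPlaceholders
```

Placeholders bind values only; table and column names cannot be supplied this way and must not be built from user input.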
